The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from external files to drive its execution logic.
Ingestion points: csrc/ops/<op>/test/<op>-test-cases.md, csrc/ops/<op>/design.md, and <op>_perf_cases.jsonl.
Boundary markers: Absent. Content from external files is processed without delimiters or instructions to ignore embedded commands.
Capability inventory: Includes dynamic library loading via torch.ops.load_library and file system write access in layer_norm_profiler_common.py.
Sanitization: Absent. The skill does not validate or escape content extracted from the markdown or JSONL files before using it to configure operator tests.
[REMOTE_CODE_EXECUTION]: The skill performs dynamic loading of executable code from computed file system paths.
Evidence: The load_custom_library function in layer_norm_profiler_common.py uses glob.glob to find shared object files and executes torch.ops.load_library(lib_files[0]). While this is intended for loading the operator's own implementation for performance profiling, this mechanism allows for the execution of arbitrary compiled code if a malicious library is placed in the expected directory structure.

ascendc-operator-performance-eval