langchain

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation includes a code example for a custom CalculatorTool that uses the Python `eval()` function to process input strings. Executing arbitrary strings supplied by an LLM as code is an unsafe pattern, particularly when the LLM input can be influenced by untrusted external sources.
      • Evidence: `def _run(self, expression: str) -> str: return str(eval(expression))` in SKILL.md.
  • [COMMAND_EXECUTION]: The skill demonstrates integration of the PythonREPLTool, which enables execution of arbitrary Python code within the agent's runtime environment.
      • Evidence: `from langchain_community.tools import ..., PythonREPLTool` and `python_repl = PythonREPLTool()` in SKILL.md.
  • [PROMPT_INJECTION]: The skill documentation outlines architectural patterns that are susceptible to indirect prompt injection because they combine untrusted data ingestion with high-privilege tools.
      • Ingestion points: Examples for WebBaseLoader, PyPDFLoader, and DirectoryLoader in SKILL.md show how to ingest data from web pages, PDFs, and local files into the agent context.
      • Boundary markers: The RAG prompt templates provided (e.g., `Answer based on context: Context: {context} Question: {question}`) lack explicit delimiters or instructions telling the agent to ignore commands embedded within the retrieved context.
      • Capability inventory: High-capability tools such as the eval-based calculator and the PythonREPLTool are referenced in SKILL.md.
      • Sanitization: There is no evidence of input validation, sanitization, or safety filtering of external content before it is processed by the LLM or passed to execution tools.
  • [EXTERNAL_DOWNLOADS]: The skill illustrates how to download prompt templates from the LangChain Hub public repository.
      • Evidence: `prompt = hub.pull("hwchase17/react")` in SKILL.md.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 16, 2026, 04:19 PM
Security Audit — agent-trust-hub — langchain