skills/brycewang-stanford/awesome-agent-skills-for-empirical-research/reproducible-pipelines/Gen Agent Trust Hub
reproducible-pipelines
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to analyze and assist with user-provided project files such as README.md, Makefile, and Snakefile. This creates a surface for indirect prompt injection, where malicious instructions embedded in a researcher's repository could influence agent behavior.
  - Ingestion points: Analysis of project directory structures and configuration files as described in SKILL.md.
  - Boundary markers: No explicit delimiters or boundary markers are suggested for separating untrusted project content from agent instructions.
  - Capability inventory: The agent is expected to interpret and debug shell-based workflow commands and Python-based analysis scripts.
  - Sanitization: No sanitization or validation logic is provided for processing user-supplied data files or documentation.
- [COMMAND_EXECUTION]: The skill provides numerous templates for shell-based workflow managers (Make, Snakemake, DVC) and Stata batch mode, which involve the execution of arbitrary scripts and system commands.
  - Evidence: Makefile examples and DVC pipeline definitions in SKILL.md, and 'stata -b do' templates in references/stata-and-crosslang.md.
- [EXTERNAL_DOWNLOADS]: The skill contains templates for environment management and data versioning that involve downloading software packages from well-known registries (conda-forge, PyPI) and data from remote storage services (AWS S3, Google Cloud Storage).
  - Evidence: environment.yml and requirements.txt templates in references/environment-and-seeds.md, and DVC remote configuration examples in SKILL.md.
- [REMOTE_CODE_EXECUTION]: A code example for results caching in the documentation uses the 'joblib' library, which relies on 'pickle' for data serialization. Deserializing data from an untrusted or tampered cache file can lead to arbitrary code execution.
  - Evidence: 'joblib.load(cache_path)' in the Results Caching utility example in references/environment-and-seeds.md.
Audit Metadata