The Agent Skills Directory

[COMMAND_EXECUTION]: Several STATA scripts (e.g., 'references/JAR_58_gsz.do' and 'references/JAR_56_al.do') utilize the 'shell' and '!' commands to execute system-level operations such as file deletion ('shell rm', 'capture erase'). These commands pose a risk if the agent attempts to run the provided syntax in a non-sandboxed environment. Additionally, many files contain hardcoded absolute paths (e.g., 'C:\Users\martin.jacob\Dropbox') that expose internal directory structures and user information from the original authors' systems.
[REMOTE_CODE_EXECUTION]: The script 'references/JAR_56_csmw.do' contains 'net install' commands that fetch and execute STATA components from an external academic repository at Boston College ('fmwww.bc.edu'). While this is a standard practice in the STATA community, it represents a remote code download and execution vector.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it processes user-provided variable names through scripts with significant system capabilities. Ingestion points: User-specified variables (treatment, outcomes, controls) are interpolated directly into the STATA syntax as indicated in 'SKILL.md'. Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded in the user-provided data. Capability inventory: The associated scripts possess capabilities for OS interaction ('shell') and remote dependency installation ('net install'). Sanitization: There is no evidence of input validation or sanitization to prevent the injection of malicious STATA or shell commands through variable names.

stata-accounting-research