tia-python

Fail

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded credentials and secrets are present in the provided documentation code examples.
      • Evidence: In references/global_portal.md, the methods ts.set_umac_credentials and ts.encrypt_umac_config use literal strings "Password123" and "mySecret" as authentication factors.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading software from an external source instead of verified package registries.
      • Evidence: SKILL.md instructs the user to download the TIA Scripting library from the Siemens Industry Online Support portal and install it via a local wheel file, which bypasses the integrity checks of standard package managers.
  • [COMMAND_EXECUTION]: The skill provides shell commands for manual software installation and environment setup.
      • Evidence: SKILL.md includes a PowerShell command py -3.12 -m pip install .\siemens_tia_scripting...whl to install the library.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection via project data ingestion.
      • Ingestion points: The agent ingests data from PLC program blocks, HMI screens, and tags using methods such as plc.import_blocks and hmi.import_screens documented in references/plc.md and references/hmi.md.
      • Boundary markers: The skill lacks boundary markers or instructions to treat data from imported XML/AML files as untrusted, potentially allowing embedded malicious instructions to influence agent behavior.
      • Capability inventory: The library includes capabilities for file system deletion (delete()), project property modification (set_property()), and establishing network connections to project servers (add_project_server()).
      • Sanitization: There are no sanitization or validation procedures documented for the content of imported TIA Portal project files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Jun 26, 2026, 07:55 AM
Security Audit — agent-trust-hub — tia-python