
delegate-task

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The search_skills tool is configured to automatically download skills from a cloud community by default (auto_import: true), which introduces unverified third-party instructions and scripts into the local environment.
  • [REMOTE_CODE_EXECUTION]: The execute_task tool executes autonomous workflows that include coding and DevOps tasks. When these tasks are performed using skills automatically imported from the cloud, it creates a direct path for executing arbitrary remote code on the host system.
  • [DATA_EXFILTRATION]: The upload_skill tool allows the agent to transmit the entire contents of a local directory (skill_dir) to an external cloud platform. This functionality can be abused to exfiltrate sensitive data, such as configuration files, environment variables, or credentials, if the agent is manipulated into targeting sensitive system paths.
  • [COMMAND_EXECUTION]: The skill's primary purpose involves performing system-level DevOps and coding operations, which grants the agent the capability to execute high-risk shell commands and modify the host environment.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection because it processes and follows instructions contained within 'skills' retrieved from a public community. Malicious actors could upload skills containing hidden instructions designed to bypass agent constraints or steal information.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 06:42 AM