crewai

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The example 'CalculatorTool' implementation uses the 'eval()' function on user-provided expressions. This allows for arbitrary code execution within the Python environment, which could be exploited if the agent is manipulated into executing malicious logic via prompt injection.
  • [DATA_EXFILTRATION]: The skill includes tools for local file and directory access ('FileReadTool', 'DirectoryReadTool'). Without strict path validation, these capabilities could be used to expose sensitive local information to the agent's context or an external party.
  • [EXTERNAL_DOWNLOADS]: The skill includes functionality to fetch and process data from external sources such as websites ('ScrapeWebsiteTool'), YouTube ('YoutubeVideoSearchTool'), and PDF documents ('PDFSearchTool'). These represent vectors for untrusted data ingestion.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to the lack of sanitization on ingested external data combined with high-impact tools. Ingestion points: External websites, YouTube metadata/transcripts, and PDF documents. Boundary markers: None identified in the templates to distinguish instructions from data. Capability inventory: File system access, network requests, code interpretation, and database querying. Sanitization: No evidence of input validation or content filtering for ingested external content.
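The two highest-impact findings above (eval() in the calculator tool, and file reads without path validation) are both fixable inside the tool body. The block below is an added example written for this audit page; it is not code from crewai or from the audited skill, and the function names (calc_safe, read_within_root, demo_path_check) are hypothetical. The vulnerable eval() pattern is shown beside a whitelist-based AST evaluator, and the path check resolves the requested file against an allowed root and refuses `..`, absolute paths and symlinks that escape it. The sandbox directory and its files are constructed by the example itself so it runs offline; in a real tool the same logic would sit in the tool's run method with the root taken from configuration.

```python
import ast
import operator
import os
import tempfile
from pathlib import Path

# --- Finding 1: the eval() calculator pattern, and a hardened replacement ---

def calc_unsafe(expression: str) -> float:
    # The pattern the audit flags: eval() runs anything the model passes in,
    # e.g. "__import__('os').system('id')" is a perfectly valid "expression".
    return eval(expression)  # noqa: S307 (kept only to illustrate the problem)

# Whitelist of arithmetic node types. Anything not listed here is rejected.
_BIN_OPS = {
    ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
    ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_EXPONENT = 1000  # bound ** so "9**9**9" cannot exhaust CPU/memory

def calc_safe(expression: str) -> float:
    """Evaluate plain arithmetic only; raise ValueError for anything else."""
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"invalid expression: {exc.msg}") from None
    try:
        return _eval_node(tree.body)
    except (ZeroDivisionError, OverflowError) as exc:
        raise ValueError(str(exc)) from None

def _eval_node(node):
    # Numeric literals only (bool is an int subclass, so exclude it explicitly).
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)) \
            and not isinstance(node.value, bool):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        left, right = _eval_node(node.left), _eval_node(node.right)
        if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
            raise ValueError("exponent too large")
        return _BIN_OPS[type(node.op)](left, right)
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    # Name, Attribute, Call, Subscript, comprehensions, etc. all land here.
    raise ValueError(f"disallowed syntax: {type(node).__name__}")

def rejects(expression: str) -> bool:
    """True if calc_safe refuses the expression (used to check the blocklist behaviour)."""
    try:
        calc_safe(expression)
        return False
    except ValueError:
        return True

# --- Finding 2: path containment for a file-read tool ---

def read_within_root(root: Path, requested: str, max_bytes: int = 1_000_000) -> str:
    """Read `requested` only if it resolves to a regular file under `root`."""
    root = root.resolve()
    req = Path(requested)
    if req.is_absolute():
        raise PermissionError(f"absolute paths are not allowed: {requested}")
    # resolve() follows symlinks and collapses "..", so the containment check
    # below sees the real target, not the name the model supplied.
    candidate = (root / req).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes allowed root: {requested}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate.read_bytes()[:max_bytes].decode("utf-8", errors="replace")

def demo_path_check() -> dict:
    """Constructed sandbox: one allowed file, one file outside the root, and a symlink pointing outside."""
    base = Path(tempfile.mkdtemp())
    root = base / "workspace"
    root.mkdir()
    (root / "notes.txt").write_text("meeting notes")
    (base / "secret.env").write_text("API_KEY=do-not-leak")  # constructed, outside the root
    results = {"inside": read_within_root(root, "notes.txt")}
    for label, target in (("dotdot", "../secret.env"), ("absolute", str(base / "secret.env"))):
        try:
            read_within_root(root, target)
            results[label] = "ALLOWED"
        except PermissionError:
            results[label] = "blocked"
    try:
        os.symlink(base / "secret.env", root / "link.env")
    except (OSError, NotImplementedError):
        results["symlink"] = "skipped"  # platform does not permit creating symlinks
        return results
    try:
        read_within_root(root, "link.env")
        results["symlink"] = "ALLOWED"
    except PermissionError:
        results["symlink"] = "blocked"
    return results
```

The AST evaluator is a whitelist, not a blocklist: rather than trying to strip dangerous substrings from the model's output, it accepts only numeric literals and the six arithmetic operators, so there is nothing for a prompt-injected payload to reach. The path check likewise decides on the resolved target, which is what matters when the agent is handed a `..` sequence or a symlink planted in the workspace.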
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 11:08 AM