The Agent Skills Directory

[COMMAND_EXECUTION]: The tool definition example for the 'calculator' in SKILL.md uses the Python eval() function on the 'expression' argument. When used by an AI agent, this expression is generated based on user input, creating a risk where a user could trick the agent into executing arbitrary Python code via the tool.- [PROMPT_INJECTION]: The skill provides instructions for implementing Retrieval-Augmented Generation (RAG) and web loading (WebBaseLoader, PyPDFLoader) which ingest untrusted external data. This data is directly interpolated into prompts, creating a surface for indirect prompt injection attacks. * Ingestion points: WebBaseLoader, PyPDFLoader, and DirectoryLoader in SKILL.md. * Boundary markers: No delimiters or safety instructions are used when interpolating {context} into templates. * Capability inventory: The agent examples include tool execution (search_web, calculator) and file system access (DirectoryLoader, persist_directory). * Sanitization: No sanitization or validation of external content is present in the provided examples.- [EXTERNAL_DOWNLOADS]: The skill includes instructions to install official LangChain and provider-specific packages (e.g., langchain-openai, langchain-chroma) from PyPI. These are recognized as official packages from well-known sources.

langchain