ml-pipeline
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM. Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses unsafe deserialization methods in several code templates and reference files. These include 'pickle.load()' in 'references/feature-engineering.md', 'torch.load()' in 'references/training-pipelines.md', and 'joblib.load()' in 'references/pipeline-orchestration.md'. These loaders can execute arbitrary code while deserializing, so loading input files (artifacts, checkpoints, or pipelines) sourced from an untrusted or compromised location can lead to arbitrary code execution.
- [COMMAND_EXECUTION]: The skill performs dynamic loading from computed paths in 'references/experiment-tracking.md', where the 'load_production_model' function assembles a model URI from a user-supplied name and loads the resulting artifact with 'mlflow.pyfunc.load_model' without validating the name.
- [PROMPT_INJECTION]: The skill defines pipelines that ingest raw data from external paths, creating a potential surface for indirect injection if data content is used in subsequent logic. Ingestion points include raw data files loaded in 'load_data' and 'preprocess_data' components. Boundary markers and security-focused sanitization are absent, as the instructions focus on data quality validation rather than security boundary enforcement for untrusted content.
- [EXTERNAL_DOWNLOADS]: The Kubeflow component templates in 'SKILL.md' and 'references/pipeline-orchestration.md' specify external packages like 'scikit-learn', 'mlflow', 'pandas', and 'joblib' to be installed at runtime. These target well-known, standard packages from official registries.
Audit Metadata