ai-research-reproduction
Warn
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The orchestrator script scripts/orchestrate_repro.py extracts shell commands from an external repository's README and executes them using subprocess.run. Although it uses shlex.split to mitigate shell injection, the primary function involves running untrusted, third-party code, which could be malicious if the target repository is compromised.
- [EXTERNAL_DOWNLOADS]: The skill's workflow is centered around ingesting and acting upon data from external Git repositories. It automatically selects and attempts to run setup, inference, or training commands found within these repositories.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content (README files) and uses the extracted data to influence the agent's behavior and command execution. An attacker could place malicious instructions or dangerous commands in a repository's documentation to compromise the environment during the reproduction process.
- [DYNAMIC_EXECUTION]: The script orchestrate_repro.py dynamically assembles and executes command strings based on the contents of the scanned repository. It also programmatically calls other Python scripts within the skill's directory structure to perform sub-tasks like repository scanning and command extraction.
Audit Metadata