env-and-assets-bootstrap
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/bootstrap_env.py uses subprocess.run to execute shell commands for environment creation and dependency installation (e.g., conda env create, pip install). These actions are triggered by files found in untrusted target repositories.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external repositories.
  - Ingestion points: The scripts scripts/plan_setup.py, scripts/prepare_assets.py, and scripts/bootstrap_env.py read content from README.md, requirements.txt, environment.yml, and config files in the target repo.
  - Boundary markers: No boundary markers or delimiters separate untrusted repository content from instructions.
  - Capability inventory: The skill can execute shell commands via subprocess and perform file system operations.
  - Sanitization: There is no evidence that data extracted from the repository is validated or sanitized; for example, environment names parsed from YAML files are passed directly as command-line arguments.