env-and-assets-bootstrap

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/bootstrap_env.py employs subprocess.run to execute environment management commands such as conda create, mamba create, and pip install. These operations are fundamental to the skill's purpose of bootstrapping reproducible research environments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from external repositories.
  • Ingestion points: The scripts scripts/plan_setup.py and scripts/prepare_assets.py read and parse several untrusted file types including README.md, environment.yml, requirements.txt, and various configuration files (.py, .yaml, .json, .toml).
  • Boundary markers: The implementation lacks explicit boundary markers or instructions to the model to disregard potentially malicious commands or directions embedded within the ingested repository data.
  • Capability inventory: The skill has the capability to execute shell commands via subprocess.run in scripts/bootstrap_env.py and identifies remote URLs for asset downloads.
  • Sanitization: The scripts extract URLs and file paths using regular expressions but do not perform security-centric validation or sanitization of this content before presenting it as an actionable setup or asset plan.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 05:19 AM