train-complex-blackbox

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to ask the user for API keys and base URLs if they are not provided, which are sensitive credentials.
  • [CREDENTIALS_UNSAFE]: The instructions suggest passing sensitive API keys as command-line arguments when starting subprocesses (e.g., run_episode_once.py), which is a known insecure practice as it can leak secrets through process monitoring tools or logs.
  • [COMMAND_EXECUTION]: The skill's primary workflow involves generating multiple Python scripts (get_training_dataset_item_list.py, run_episode_once.py, agent_roll.py) and then executing them via the command line.
  • [COMMAND_EXECUTION]: The skill suggests using SSH to connect to remote GPU clusters to start a training server and set up port forwarding (10086), which grants the agent broad execution capabilities on remote infrastructure.
  • [DATA_INGESTION]: The skill establishes a pipeline for processing external training data and agent outputs. This creates a surface for indirect prompt injection if the ingested content is not properly sanitized before being used to influence the reward function or subsequent agent actions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 11, 2026, 02:06 PM
Security Audit — agent-trust-hub — train-complex-blackbox