mthds-inputs (skills/mthds-ai/skills/mthds-inputs)

Status: Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill frequently executes the mthds-agent CLI tool for version checking (mthds-agent --version), schema extraction (mthds-agent pipelex inputs bundle), and running pipelines (mthds-agent pipelex run bundle). It also uses shell commands like cp to manage file system operations within the workspace.
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to install the mthds package globally via npm install -g mthds. It also references an external PDF file from w3.org as a fallback test document, which is a well-known and trusted source. Additionally, it suggests installing third-party Python libraries like python-docx and openpyxl if they are not already available.
  • [REMOTE_CODE_EXECUTION]: The skill uses dynamic execution by generating Python code snippets to create PDF, DOCX, and XLSX files. These snippets use libraries like reportlab, python-docx, and openpyxl to programmatically build documents based on the user's synthesis requirements. While this is the intended purpose for generating test data, it involves the agent generating and running executable code.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes user-provided file names and folder paths to populate inputs.json and CLI arguments.
      ◦ Ingestion points: User-provided file paths, folder paths, and file extensions used during the inventory and matching phases (SKILL.md).
      ◦ Boundary markers: None explicitly defined to isolate user-provided strings from the command logic or the JSON structure.
      ◦ Capability inventory: The skill can write files via Python, execute shell commands (cp), and invoke the mthds-agent CLI (SKILL.md).
      ◦ Sanitization: There is no explicit evidence of sanitization or validation of user-provided paths that would prevent directory traversal or command injection via file names.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 17, 2026, 09:29 AM