The Agent Skills Directory

File System Interaction: The scripts/rest_request.py script includes a parameter raw_output_path that allows the response from a network request to be written to any specified location on the local file system.
Evidence: The _save_raw_output function uses path.write_text() on a path derived directly from user-controllable input.
Risk: This capability could potentially be used to overwrite important configuration files or create new executable scripts if the agent is directed to process a malicious URL and save the output to a sensitive directory.
General Network Connectivity: The skill is designed as a flexible HTTP client. While the instructions suggest using the Ensembl API, the underlying code in scripts/rest_request.py does not restrict the base_url or path to specific trusted domains.
Evidence: The _build_url function and the requests.Session().request() call utilize the base_url and path inputs without validation against a whitelist.
Risk: This provides a surface for Server-Side Request Forgery (SSRF) or data exfiltration if the agent is instructed to send sensitive information (like headers or environment details) to an attacker-controlled endpoint.
External Data Ingestion Surface: The skill is designed to fetch data from external web services and process it into summaries for the user.
Evidence: The script fetches content from remote URLs and returns a summary or records to the agent context via stdout.
Risk: This creates an indirect prompt injection surface where instructions hidden within the fetched API data could potentially influence the agent's future actions.

ensembl-skill