openhands-automation

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation for custom automations includes a setup script that downloads the uv package manager installer from astral.sh (a well-known technology provider) and installs official OpenHands SDK packages from PyPI.
  • [REMOTE_CODE_EXECUTION]: The skill provides a mechanism for 'custom automations' where users can upload code in a tarball and specify an execution entrypoint; the agent is explicitly instructed to only use this path if requested by the user.
  • [COMMAND_EXECUTION]: The skill uses standard system commands such as curl and tar to interact with the OpenHands API and package automation code.
  • [CREDENTIALS_UNSAFE]: Authentication is managed via the OPENHANDS_API_KEY environment variable to interact with the platform's official automation endpoints.
  • [DATA_EXFILTRATION]: The skill communicates with official OpenHands API endpoints (app.all-hands.dev) to manage automation resources, which is the intended functionality of the tool.
  • [PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection as it creates automations designed to process external data from webhooks (e.g., GitHub events) and natural language prompts.
      1. Ingestion points: Webhook payloads and prompts (SKILL.md).
      2. Boundary markers: Absent.
      3. Capability inventory: Subprocess execution and network operations (references/custom-automation.md).
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 01:58 PM
Security Audit — agent-trust-hub — openhands-automation