openhands-automation

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation and reference files include instructions for downloading development tools (such as uv from astral.sh) and automation plugins from the official OpenHands extensions repository on GitHub. These references target well-known and vendor-affiliated sources.
  • [REMOTE_CODE_EXECUTION]: This skill facilitates the creation of automations that execute prompts or user-provided scripts within isolated Cloud sandboxes. This behavior is the primary intended function of the service and is presented clearly as a feature.
  • [DATA_EXFILTRATION]: The skill interacts with the vendor's official API (app.all-hands.dev) to manage automation metadata and payloads. All network operations are directed at the vendor's infrastructure using standard authentication patterns.
  • [PROMPT_INJECTION]: Because the skill is designed to process external events (such as GitHub webhooks), there is an inherent surface for indirect prompt injection, where an attacker could craft a payload (e.g., a pull request comment) to influence the behavior of an automation's agent. This is a known risk factor for event-driven automation systems, but no malicious patterns were found in the skill code.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 04:31 AM
Security Audit — agent-trust-hub — openhands-automation