The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes external data from Excel and CSV files. While this creates an ingestion surface for potential indirect prompt injection, the skill is focused on data analysis and visualization within a sandbox.
Ingestion points: Data is loaded using pandas.read_excel and pandas.read_csv across multiple sub-skills (e.g., capability/excel-reading/multi-sheet-reading/SKILL.md).
Boundary markers: No specific delimiters or instructions are used to isolate untrusted data from the agent's control flow.
Capability inventory: The skill primarily performs file-writing operations (to_excel, to_csv, savefig) to provide reports to the user. It does not exhibit dangerous capabilities like network access or arbitrary system command execution.
Sanitization: Several sub-skills include data cleaning logic using regular expressions (e.g., extracting Chinese characters) and type conversion (pd.to_numeric), which provides a layer of validation for processed content.
[EXTERNAL_DOWNLOADS]: The skill references standard Python packages (pandas, pyarrow, openpyxl, matplotlib, seaborn, scikit-learn, scipy) required for data processing. These are well-known libraries from official registries.
[COMMAND_EXECUTION]: The skill explicitly prohibits the use of dangerous shell commands like fc-list or subprocess to search for fonts, instead providing a list of fixed paths for environment compatibility.

sn-da-excel-workflow