volcengine-doubao-api

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the official volcengine-python-sdk and requests libraries. It also links to official documentation and GitHub repositories for Volcengine and the author's own resources, which are considered safe for the intended use case.
  • [COMMAND_EXECUTION]: Provides example shell commands for pip installation and curl-based API testing. These are standard documentation components and do not represent a security risk.
  • [PROMPT_INJECTION]: The skill documents an implementation pattern for RAG (Retrieval-Augmented Generation) in Section 10.2 that contains an indirect prompt injection surface.
      * Ingestion points: The variables {retrieved_context} and {question} in the integration example in SKILL.md.
      * Boundary markers: Uses basic text headers (e.g., 【知识库内容】, "knowledge base content") but lacks robust delimiters or safety instructions to prevent the model from executing instructions embedded in external data.
      * Capability inventory: The skill guides the agent in generating and executing API calls that process this interpolated data.
      * Sanitization: No input validation or filtering is demonstrated in the code snippets provided.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 01:57 AM