
python-sdk

Warn

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: MEDIUM

Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Code examples in SKILL.md and references/tool-builder.md use the eval() function to handle tool arguments (e.g., for a calculator tool). Calling eval() on strings produced by an AI agent is a high-risk pattern: any expression the model emits, including imports and calls, runs with the privileges of the host process. There is no reliable way to sanitize a string for eval(); tool arguments should be parsed with a restricted evaluator instead.
  • [COMMAND_EXECUTION]: The skill documents 'internal tools' and 'client tools' that can execute code (internal_tools().code_execution(True)) or modify the local file system (the delete_file tool in references/agent-patterns.md). The examples include human-approval checkpoints (require_approval()), but these capabilities still give the agent significant control over the environment, and the approval gate is only as strong as the code that enforces it before the action runs.
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the inferencesh Python package and references adding further skills via npx commands, both of which fetch and run third-party code.
  • [DATA_EXFILTRATION]: The SDK includes built-in functionality for uploading files to a remote cloud service (inference.sh) and for making outbound requests via webhooks. These are documented features, but they are also paths for data egress if the agent is steered into using them.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 19, 2026, 01:19 PM
Security Audit — agent-trust-hub — python-sdk