
upstash-box-py

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SDK includes methods such as box.exec.command() and box.exec.code() that enable the execution of arbitrary shell commands and Python/JavaScript/TypeScript code within the sandboxed container environment.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the upstash-box package and supports cloning remote repositories into the sandbox via box.git.clone(). It also allows the use of MCP servers from external packages and URLs.
  • [PROMPT_INJECTION]: The skill's design creates an environment susceptible to indirect prompt injection, because AI agents using it routinely process potentially untrusted data with a high degree of autonomy and capability.
      • Ingestion points: Untrusted data enters the agent's context through files read via box.files.read(), repositories cloned with box.git.clone(), and files uploaded with box.files.upload().
      • Boundary markers: The provided documentation and examples include no explicit instructions or delimiters that would help the agent distinguish its system instructions from the content of external files.
      • Capability inventory: Agents operating within the box hold extensive permissions, including command execution (box.exec.command), code execution (box.exec.code), filesystem modification (box.files.write), and the ability to expose services through public URLs (box.get_public_url).
      • Sanitization: The skill demonstrates no sanitization or validation of data retrieved from external sources before the AI agent interprets it.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 25, 2026, 08:04 AM
Security Audit — agent-trust-hub — upstash-box-py