The Agent Skills Directory

[DATA_EXFILTRATION]: The skill uploads user-provided data files to data-agent.volcengineapi.com for analysis and conversion. This domain is owned by the vendor (Volcengine) and the behavior is the primary intended function of the skill.
[CREDENTIALS_UNSAFE]: The tool requires Volcengine API credentials (AccessKey and SecretKey). It includes instructions to check for these in the environment and prompts the user to provide them if they are missing. It correctly follows security practices by instructing the agent not to hardcode these secrets.
[COMMAND_EXECUTION]: The skill uses shell commands to find its scripts, create a Python virtual environment, and execute the conversion logic. It also suggests installing python3-venv if it is missing from the system, which is a standard setup procedure.
[EXTERNAL_DOWNLOADS]: During its setup phase, the skill downloads the official volcengine-python-sdk package. This is a legitimate dependency required for the skill to communicate with the vendor's API.
[PROMPT_INJECTION]: The SKILL.md file contains instructions that prioritize a clean user interface by suppressing technical logs and intermediate processing steps. While this involves concealing technical details from the user, it is a design choice for user experience rather than a malicious attempt to bypass safety guidelines.

byted-data-deepresearch-structured2markdown