Coding SOP

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a safety protocol for the exec tool, categorizing shell commands into 'Safe' (e.g., python3, Rscript, pandoc, jq, wc, grep, find) and those requiring user approval (e.g., curl, wget, pip install). This procedure limits the risk of executing unauthorized system commands.
  • [REMOTE_CODE_EXECUTION]: The SOP involves a workflow of generating scripts and executing them within the workspace environment. While this is the primary purpose of the skill, the execution of agent-generated code carries inherent risk if the logic is influenced by untrusted data.
  • [EXTERNAL_DOWNLOADS]: The instructions mention tools for downloading external content, such as workspace_download, curl, and wget. The skill correctly identifies these as operations requiring user oversight and approval.
  • [PROMPT_INJECTION]: The skill describes a surface for indirect prompt injection through its data processing guidelines.
    Ingestion points: Data inspection using pandas/polars (e.g., df.info()) as described in SKILL.md.
    Boundary markers: No specific delimiters or instructions to ignore embedded commands in data are defined in the file.
    Capability inventory: Capabilities include script execution (exec in SKILL.md), file system writes (workspace_save in SKILL.md), and network access (workspace_download in SKILL.md).
    Sanitization: The procedure does not specify validation or sanitization steps for external data content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 15, 2026, 08:44 AM