The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote scripts via highly insecure methods that bypass local integrity checks. Specifically, it provides commands to download and immediately execute scripts from the astral.sh domain using piping to shell and Invoke-Expression.
Evidence: curl -LsSf https://astral.sh/uv/install.sh | sh in SKILL.md.
Evidence: powershell -c "irm https://astral.sh/uv/install.ps1 | iex" in SKILL.md.
[COMMAND_EXECUTION]: The skill includes instructions that modify system-wide or user-specific persistent shell profiles, which can be used to maintain access or alter execution environments across sessions.
Evidence: echo 'export PATH="$HOME/.cargo/bin:$PATH"' >> ~/.bashrc in references/advanced-patterns.md.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process data from external, untrusted sources that could contain malicious instructions.
Ingestion points: The skill reads and acts upon pyproject.toml, requirements.txt, and external git repositories provided through uv add commands (e.g., uv add git+https://github.com/user/repo.git).
Boundary markers: No specific delimiters or safety instructions are used to distinguish untrusted external content from valid configuration data.
Capability inventory: The skill leverages powerful capabilities including uv run (arbitrary code execution), uv sync (dependency installation), and direct shell command execution.
Sanitization: There is no evidence of sanitization or validation of the content fetched from external repositories or local configuration files before execution.
[EXTERNAL_DOWNLOADS]: The skill encourages downloading and installing software from remote sources, including unverified git repositories and third-party installation scripts.
Evidence: uv add git+https://github.com/user/repo.git in SKILL.md.
Evidence: cargo install --git https://github.com/astral-sh/uv uv in SKILL.md.

uv-package-manager