✓
Purpose & Capability
Name/description (pipe network TOML parsing, solving, visualization) align with the provided code: loader, solver, validator, analyzer, and visualizer modules implement those features. Declared dependencies (numpy, scipy, tomllib, networkx) make sense for numerical solving and graph operations.
!
Instruction Scope
SKILL.md itself is high-level and stays within scope, but the pre-scan flagged prompt-injection patterns (base64-block, unicode-control-chars) inside SKILL.md, which could be an attempt to manipulate runtime prompts or evaluations. The code accepts TOML content and file paths from callers: it will read arbitrary files (load_from_file) and write generated TOML/HTML to ./src/toml and ./src/html using values derived from the input (pipe_net.name and scenario_name) without sanitization, which introduces risks (directory traversal, overwriting files).
✓
Install Mechanism
No install spec is provided (skill is distributed with code). No downloaded or remote install steps in metadata. Declared Python packages are standard scientific libraries; nothing in the install step is opaque or pulls code from an untrusted URL.
✓
Credentials
No environment variables, credentials, or config paths are requested. The skill only uses file I/O relative to the repository and standard Python libraries; requested resources are proportionate to the stated functionality.
ℹ
Persistence & Privilege
always:false (normal). The skill writes files into the agent package directories (./src/toml and ./src/html) and will read arbitrary paths passed to analyze_network. Although it is not privileged by platform flags, this file I/O behavior means a malicious or careless caller could make it read or overwrite files within the agent filesystem; review the intended runtime environment and sandboxing before granting access.
Scan Findings in Context
[base64-block] unexpected: SKILL.md pre-scan detected a base64-block pattern. The skill's declared purpose (pipe network analysis) does not require embedding base64 payloads in its README/instructions; this is unexpected and worth inspecting to confirm there are no hidden or encoded instructions.
[unicode-control-chars] unexpected: SKILL.md pre-scan detected unusual Unicode control characters. These can be used to hide or obfuscate content in prompts/instructions; not expected for a straightforward usage document.
What to consider before installing
High-level advice before installing or enabling this skill:
- Code–purpose match: The Python modules implement the declared functionality (TOML loader, numerical solver, visualizer). That is coherent with the skill description.
- Prompt-injection risk: The SKILL.md was flagged for base64 and Unicode control characters. Inspect SKILL.md raw text for hidden characters or encoded payloads before trusting it. Remove or sanitize any suspicious hidden content.
- File I/O risks: The skill reads TOML files from arbitrary paths and writes output files to ./src/toml and ./src/html using names derived from input (pipe_net.name and scenario_name). If an attacker controls the TOML content or names, they could cause directory traversal or overwrite files. Mitigations: run in a sandboxed environment, restrict and validate file paths, and sanitize file names (reject '..', absolute paths, or suspicious characters).
- Input validation: Several functions assume correct types (e.g., float values for some scenario actions). Malformed inputs can raise exceptions or cause partial failures; validate inputs before handing them to the skill.
- External resources: Generated HTML references external CDNs for JS/CSS. The HTML itself does not exfiltrate data, but viewing it in a browser will fetch remote resources. If you must avoid external network calls, host the JS/CSS locally or remove CDN references.
- Dependencies & runtime: The skill expects Python >=3.11 (uses tomllib) and scientific packages (numpy, scipy). Ensure the runtime environment can install/contain those packages and that they are acceptable for your security posture.
- Testing: Before using on real data or giving it file-system access, run the skill in an isolated container, pass controlled TOML files, and verify it cannot read or write outside an allowed directory.
If you want, I can: (1) locate and show the exact lines in SKILL.md that contain the hidden characters, (2) suggest code changes to sanitize file paths and names, or (3) propose a minimal sandbox policy for running this skill safely.