MUST be used when adding Pyodide or Python tool support to a Flows app. Do NOT manually configure usePyodideRuntime or wire pythonRuntime into useAtlasChat — this skill handles pyodide installation, hook setup, loading UI, and chat hook wiring. Prerequisite: integrate-atlas-chat (vendored src/atlas-agent + atlas chat wiring). Triggers: Pyodide, Python tools, pythonRuntime, usePyodideRuntime, runPythonCode, Python execution, client-side Python.
69
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Security
3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Malicious code pattern detected (high risk: 0.90). The skill enables executing arbitrary Python code fetched from an agent's remote config in the user's browser, auto-approves tool execution, and injects Cognite SDK credentials into that runtime—creating a high-risk remote code execution and data-exfiltration capability that can be abused as a backdoor.
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Third-party content exposure detected (medium risk: 0.65). The required runtime path is that when the agent triggers a `runPythonCode` clientTool, the library fetches the Python tool’s code from the agent’s CDF config and executes it in Pyodide; that fetched tool body is outsider-authored free text (not authored by the operating user) and becomes LLM-visible context via the tool execution/result flow.
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls loadPyodide (which fetches Pyodide CDN artifacts at runtime) and states the library automatically fetches Python tool code from the agent's CDF config at runtime and executes it in Pyodide, meaning remote content is fetched during execution and runs as code.
ab7b5f8
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.