CtrlK
BlogDocsLog inGet started
Tessl Logo

setup-python-tools

MUST be used when adding Pyodide or Python tool support to a Flows app. Do NOT manually configure usePyodideRuntime or wire pythonRuntime into useAtlasChat — this skill handles pyodide installation, hook setup, loading UI, and chat hook wiring. Prerequisite: integrate-atlas-chat (vendored src/atlas-agent + atlas chat wiring). Triggers: Pyodide, Python tools, pythonRuntime, usePyodideRuntime, runPythonCode, Python execution, client-side Python.

69

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Critical

Do not install without reviewing

SKILL.md
Quality
Evals
Security

Security

3 findings — 1 critical severity, 2 medium severity. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E006: Malicious code pattern detected in skill scripts

What this means

Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.

Why it was flagged

Malicious code pattern detected (high risk: 0.90). The skill enables executing arbitrary Python code fetched from an agent's remote config in the user's browser, auto-approves tool execution, and injects Cognite SDK credentials into that runtime—creating a high-risk remote code execution and data-exfiltration capability that can be abused as a backdoor.

Report incorrect finding
Medium

W011: Third-party content exposure detected (indirect prompt injection risk)

What this means

The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.

Why it was flagged

Third-party content exposure detected (medium risk: 0.65). The required runtime path is that when the agent triggers a `runPythonCode` clientTool, the library fetches the Python tool’s code from the agent’s CDF config and executes it in Pyodide; that fetched tool body is outsider-authored free text (not authored by the operating user) and becomes LLM-visible context via the tool execution/result flow.

Medium

W012: Unverifiable external dependency detected (runtime URL that controls agent)

What this means

The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.

Why it was flagged

Potentially malicious external URL detected (high risk: 0.90). The skill explicitly calls loadPyodide (which fetches Pyodide CDN artifacts at runtime) and states the library automatically fetches Python tool code from the agent's CDF config at runtime and executes it in Pyodide, meaning remote content is fetched during execution and runs as code.

Repository
cognitedata/builder-skills
Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.