The Agent Skills Directory

[DATA_EXFILTRATION] (SAFE): The automated scan alert for logger.info is a false positive. In the context of the skill, logger.info is part of a regular expression replacement example (sd 'console\.log$(.*)$' 'logger.info($1)') intended to refactor code from console.log to a logging framework. It does not represent a URL or a network connection.\n- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing the sd tool via brew or cargo. These are trusted package managers and sd is a well-known open-source utility. This is a recommendation for environment setup rather than a hidden script download.\n- [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute sd and rg for file manipulation. These operations are limited to the intended purpose of text replacement and do not involve suspicious command chaining, privilege escalation, or persistence mechanisms.\n- [PROMPT_INJECTION] (SAFE): No instructions were found that attempt to bypass safety filters or override the agent's core instructions. The skill also exhibits a potential surface for indirect prompt injection as it processes file content. Evidence Chain:\n
Ingestion points: File contents processed by rg and sd (per SKILL.md).\n
Boundary markers: Absent.\n
Capability inventory: sd (file-write) and Bash (command execution) described in SKILL.md.\n
Sanitization: Absent.\n
Severity: LOW (downgraded to SAFE as it is the primary intended purpose).

find-replace