The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found in the markdown body or metadata.- [Data Exposure & Exfiltration] (SAFE): Although the skill's purpose is to analyze developer sessions and code changes, there are no commands to exfiltrate data (e.g., curl, wget) or access sensitive system files (e.g., .ssh, .aws).- [Indirect Prompt Injection] (LOW): This skill defines a high-surface area for indirect injection by design. ● Ingestion points: Processes code changes, problem context, and solution approaches from the developer's session (SKILL.md). ● Boundary markers: The provided documentation does not specify delimiters or sanitization routines for the ingested data. ● Capability inventory: References a 'Pattern extractor' agent and 'Session hooks' for integration. ● Sanitization: No sanitization of user-provided code is mentioned. This represents a vulnerability surface where malicious code in a project could influence the 'instinct' learning, but it is a functional characteristic of observational learning skills.- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external package managers or remote script execution patterns were detected.- [Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were found.

mobile-instinct-v2