commercial
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [Metadata Analysis] (SAFE): The skill metadata correctly describes its purpose for commercial AIGC creation. The allowed tools (WebFetch, WebSearch, etc.) are standard and proportional to the task of research and content generation.
- [Prompt Injection] (SAFE): No instructions to override system prompts, bypass safety filters, or extract sensitive information were found. The 'strategy' and 'viral-checklist' rules are focused on marketing efficacy rather than behavioral manipulation.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: The skill ingests untrusted product descriptions via the $ARGUMENTS variable in SKILL.md.
  - Boundary markers: Absent. The input is interpolated directly into the persona context.
  - Capability inventory: The skill has access to WebFetch and WebSearch via frontmatter configuration, though the provided rule files focus on local generation steps.
  - Sanitization: No specific sanitization or escaping of the product input is described.
  - Note: This is a common pattern for content generation skills and poses a low risk given the intended use case.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths (e.g., .ssh, .env) are present. Recommendations for third-party services like ElevenLabs or Midjourney are provided as user guidance without embedded secrets.
- [Obfuscation] (SAFE): No instances of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques were detected across the 17 markdown files.
- [Code Safety] (NO_CODE): The skill consists entirely of Markdown instructions and prompt templates. No executable scripts (.py, .js, .sh) or external package dependencies were included.
Audit Metadata