The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses local Python scripts (maturity_scorer.py, metrics_dashboard.py, team_health_checker.py) to process organizational data. Analysis of these scripts confirms they perform purely mathematical and logic-based operations on the input data without spawning unauthorized subprocesses or accessing the network.\n- [DATA_EXPOSURE_AND_EXFILTRATION]: No network operations or unauthorized file access patterns were found. The skill processes local JSON/YAML files provided by the user and outputs text-based reports.\n- [PROMPT_INJECTION]: The instructions in SKILL.md are focused on guiding the agent's behavior for agile coaching and framework selection. There are no attempts to bypass safety filters or override system instructions.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data (assessment and health surveys) using the maturity_scorer.py and team_health_checker.py scripts. While this creates an ingestion surface, the risk is minimized as the scripts use standard JSON/YAML parsing and do not interpolate data into executable commands or sensitive prompt areas. The impact is limited to local report generation.\n- [DYNAMIC_EXECUTION]: The skill uses standard Python scripts for its logic. There is no evidence of eval(), exec(), or dynamic code generation from untrusted sources.

agile-coach