statute-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily educational and procedural, providing structured workflows for legal analysis. All components, including reference guides and Python scripts, align with the stated purpose of statutory interpretation.
  • [COMMAND_EXECUTION]: The skill includes two Python scripts (scripts/statute_keyword_analyzer.py and scripts/requirement_classifier.py) intended to be run locally. These scripts use standard Python libraries (re, json, argparse) to perform text analysis and classification. They do not contain calls to eval(), exec(), subprocess, or any other high-risk functions.
  • [DATA_EXPOSURE]: Analysis of the Python scripts confirms they only interact with local files provided via command-line arguments. There are no network-enabled functions (e.g., requests, urllib, socket) or hardcoded credentials present.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it is designed to ingest and analyze external statutory text. If an adversary provides a document containing hidden instructions, the agent's interpretation of the resulting metadata could be affected. This is documented as an inherent property of text-analysis tools rather than a specific vulnerability of this skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 08:15 AM