audit-trail

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements standard security and activity logging patterns without any detected malicious intent. It correctly utilizes Pydantic for data validation and follows best practices for non-blocking audit writes.
  • [DATA_EXFILTRATION]: While the skill captures user metadata such as IP addresses, user agents, and actor identifiers, this behavior is documented and inherent to the functionality of an audit trail. The data is stored in a backend database managed by the project's own state store.
  • [SAFE]: Indirect Prompt Injection analysis: The skill ingests untrusted data from HTTP headers (User-Agent, Correlation-ID) and URL paths via the AuditMiddleware. Boundary markers are absent in the internal details dictionary, and data is interpolated directly into the AuditEvent model. However, capabilities are limited to database inserts using a structured client, and structural validation is enforced by Pydantic, making the attack surface negligible.
  • [SAFE]: A minor documentation inconsistency exists between the frontmatter's claim of 7-year retention and the implementation examples in Pattern 7, which suggest shorter durations (90-365 days). This is evaluated as a documentation error rather than a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 11:48 AM