budget-variance-analyzer

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate functionality for analyzing construction budget variances. The Python code in SKILL.md is well-structured and focuses on cost calculations and data management without any dangerous system calls.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external CSV, Excel, and JSON data as mentioned in instructions.md. This is a low-risk surface as the data is used for mathematical analysis. Evidence: 1. Ingestion points: user-provided budget data; 2. Boundary markers: not specified; 3. Capability inventory: filesystem write for reports; 4. Sanitization: structured parsing via pandas.
  • [SAFE]: Filesystem access is declared in claw.json and used appropriately in SKILL.md for saving Excel files. No evidence of sensitive data exposure or unauthorized exfiltration was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 04:28 AM