safety-inspection-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process external data such as CSV, Excel, and JSON files, as well as user-supplied text for project names and finding descriptions. This content is interpolated into reports and may be analyzed by the LLM, which creates a surface for indirect prompt injection.
- Ingestion points: Described in instructions.md as CSV, Excel, JSON, or direct input, and implemented in the record_finding method in SKILL.md.
- Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the agent instructions.
- Capability inventory: The skill requests filesystem and network permissions in claw.json.
- Sanitization: No sanitization or content validation for user-provided data is defined.
- [COMMAND_EXECUTION]: The claw.json manifest requests both filesystem and network permissions. Although the Python logic in SKILL.md operates only on internal data structures and does not execute system commands or make network requests, these permissions allow the agent to interact with the host and with external resources, which could be abused if the agent is compromised through malicious input.
- [SAFE]: The Python code implementation in SKILL.md is clean and relies exclusively on the Python standard library. It defines clear data structures (dataclasses and Enums) and follows standard programming practices without using obfuscation or dangerous dynamic execution patterns.