rpg-migration-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill processes RPG source code, which constitutes an ingestion point for untrusted data. However, the scripts (analyze-dependencies.sh, analyze-dependencies.ps1, estimate-complexity.py) use restrictive regular expressions to extract identifiers and counts rather than processing free-form text, which significantly reduces the risk of malicious instruction injection.
  • Data Exposure & Exfiltration (SAFE): No network operations or commands accessing sensitive system locations (like SSH keys or environment variables) were found. All operations are local and confined to the provided source directory.
  • Dynamic Execution (SAFE): The scripts do not use dynamic code execution functions such as eval, exec, or Function on untrusted input. The Python script uses standard regex and logic for complexity estimation.
  • Unverifiable Dependencies (SAFE): The skill depends only on standard system utilities (Bash, PowerShell, Python) and does not include or download external third-party packages.
  • Code Quality Note (INFO): The script estimate-complexity.py appears to be a draft or contains errors, as it references class names and dictionary keys that are not defined. While this would cause a runtime error, it does not pose a security threat.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM