The Agent Skills Directory

Data Exposure & Exfiltration (SAFE): The script reads from user-specified CSV files and writes output to user-specified paths. No hardcoded sensitive paths or credential exfiltration attempts were found. Network activity is limited to fetching exchange rates via the legitimate forex-python library.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill depends on established, reputable packages (pandas, forex-python). There is no evidence of dynamic code execution, subprocess spawning, or remote script fetching.
Indirect Prompt Injection (SAFE):
Ingestion points: scripts/currency_converter.py reads external data using pandas.read_csv from a path provided via CLI arguments.
Boundary markers: Not present, though data is handled as structured numeric content rather than natural language.
Capability inventory: File system write access is present (df.to_csv). No shell execution or arbitrary network capabilities found.
Sanitization: Input from CSV files is processed as numeric values for currency calculations and is not interpolated into commands or prompts.

currency-converter