The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions attempting to override safety guidelines, extract system prompts, or bypass agent constraints were detected in the workflow or reference files.- [Data Exposure & Exfiltration] (SAFE): Network operations are restricted to reputable financial and government domains. No evidence of hardcoded credentials, sensitive local file access, or data exfiltration mechanisms was found.- [Obfuscation] (SAFE): The provided Python scripts and Markdown documentation contain no Base64, zero-width characters, or other encoding techniques used to hide malicious intent.- [Unverifiable Dependencies & Remote Code Execution] (SAFE): Dependencies specified in the manifest are standard analytical libraries. No patterns for piped remote script execution or unsafe dynamic code loading were identified.- [Indirect Prompt Injection] (LOW): The skill ingests external web content, creating a surface for indirect prompt injection. 1. Ingestion points: scripts/ingest_sources.py fetches data from USGS, IEA, and Global X. 2. Boundary markers: Workflows use XML-like tags (e.g., <process>) to structure agent instructions. 3. Capability inventory: Python scripts perform statistical calculations and network GET requests. 4. Sanitization: Data is filtered through BeautifulSoup to extract specific metrics rather than passing raw text directly to the agent.

lithium-supply-demand-gap-radar