nickel-concentration-risk-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters or override agent behavior.
- Data Exposure & Exfiltration (SAFE): Network activity is restricted to fetching data from official and reputable institutional sources (USGS, INSG, S&P Global). No sensitive local file access or exfiltration of user data was observed.
- Obfuscation (SAFE): All code and documentation are provided in cleartext. No Base64, zero-width characters, or homoglyph attacks are present.
- Unverifiable Dependencies & Remote Code Execution (SAFE): Dependencies are standard data science libraries (pandas, numpy, matplotlib, requests). No remote script execution or piped shell commands (curl|bash) were detected.
- Indirect Prompt Injection (LOW): The skill ingests data from external URLs for analysis. While this is an ingestion surface, the targets are official government and industry data portals, and the ingested data is processed via structured parsing (BeautifulSoup/pandas) rather than being directly executed as instructions.
  - Ingestion points: workflows/ingest.md (USGS, INSG, corporate IR pages).
  - Boundary markers: Standard data processing boundaries.
  - Capability inventory: File system write access for saving generated plots in the output/ directory.
  - Sanitization: Standard BeautifulSoup parsing.
- Privilege Escalation & Persistence (SAFE): The skill does not use sudo, modify system configurations, or attempt to establish persistence across sessions.
- Dynamic Execution (SAFE): No usage of eval(), exec(), or dynamic runtime code generation was found.
Audit Metadata