openlark-api-validation
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes a local Python script tools/validate_apis.py using the Bash tool. This operation is restricted to the repository context and aligns with the primary purpose of the skill for API validation.
- [DATA_EXPOSURE] (SAFE): The skill accesses local project files such as api_list_export.csv and tools/api_coverage.toml. No access to sensitive user directories (~/.ssh, etc.) or environment secrets was detected.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes data from a CSV file (api_list_export.csv). While this is an external data ingestion point, the risk is mitigated by the skill's specific focus on file path validation within the local repository. Evidence: 1. Ingestion: api_list_export.csv; 2. Boundary markers: Absent; 3. Capability inventory: Bash, Read, Write, Edit; 4. Sanitization: Handled by the local validate_apis.py script.
- [REMOTE_CODE_EXECUTION] (SAFE): No remote scripts, external downloads, or untrusted package installations were found. All execution is limited to local, pre-existing scripts.