The Agent Skills Directory

[COMMAND_EXECUTION] (SAFE): The skill lists Bash as an allowed tool. However, its intended use is limited to searching and scanning source code within the local repository (crates/ directories). No patterns of arbitrary command execution or shell injection were found.- [DATA_EXFILTRATION] (SAFE): Although the skill reads source code and metadata, there are no network-capable tools (like curl or wget) or instructions to send data to external domains. Access is restricted to the local file system.- [PROMPT_INJECTION] (SAFE): The skill's instructions are highly structured, requiring the agent to output specific evidence-based checklists. There are no directives to ignore safety guidelines or override system prompts.- [INDIRECT_PROMPT_INJECTION] (LOW): The skill exhibits an attack surface for indirect prompt injection as it processes untrusted data (source code in a repository). Ingestion points: Reads files in crates/ via Read and Grep. Boundary markers: None explicitly defined to separate code from instructions. Capability inventory: Access to Bash and file reading. Sanitization: No explicit sanitization of the code content being reviewed. While an attacker could place instructions in code comments, the risk is minimized by the skill's requirement for structured output (rule-evidence pairs).

openlark-code-standards