security-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is composed entirely of educational reference material. There are no executable scripts, configuration files, or instructions that would cause the agent to perform dangerous actions.
- [CREDENTIALS_UNSAFE] (SAFE): While the documentation contains placeholder strings for API keys and secrets (e.g., 'sk-12345', 'AKIAIOSFODNN7EXAMPLE'), these are explicitly used in 'VULNERABLE' code examples to demonstrate what to look for during a security audit. They are not active or sensitive credentials.
- [COMMAND_EXECUTION] (SAFE): The files describe OS command injection vulnerabilities and provide examples of dangerous functions (like os.system), but the skill itself does not invoke any system commands.
- [DATA_EXFILTRATION] (SAFE): No network operations or data transmission logic is present. The documentation describes exfiltration patterns only to help the agent identify them in other codebases.
Audit Metadata