skill-studio

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocesses to execute standard administrative and operational commands, such as 'sops' for secret management and 'pytest' for verifying the installation. These calls are directed at local files and known binaries.
  • [CREDENTIALS_UNSAFE]: The tool collects API keys for LLM and voice services. It implements secure storage practices by encrypting these keys using SOPS or setting restricted file permissions (chmod 600) when encryption is unavailable. No hardcoded secrets were found in the source code.
  • [EXTERNAL_DOWNLOADS]: Network requests are performed using 'urllib.request' for legitimate purposes: validating Gemini API keys via Google's official API and provisioning voice interview rooms via the Daily.co REST API. All targets are well-known, trusted service providers.
  • [DATA_EXFILTRATION]: No patterns of unauthorized data transmission were detected. Session data and transcripts are stored locally within the user-defined data home directory.
  • [PROMPT_INJECTION]: The skill uses standard prompts for data extraction and synthesis. There are no instructions that attempt to bypass the underlying model's safety guidelines or extract system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 02:02 PM