analyse-problem

The skill analyse-problem is entirely defined within a Markdown file (SKILL.md). It serves as a descriptive template and does not contain any executable code, shell commands, or references to external scripts or binaries.

1. Prompt Injection: The skill uses instructional language like 'IMPORTANT' and 'critical' in a benign context within its 'Notes' section, which is not indicative of prompt injection attempts. There are no patterns for role-play, instruction overriding, or system prompt extraction.
2. Data Exfiltration: No commands for file system access (e.g., cat, read), sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa), or network operations (e.g., curl, wget, fetch) are present.
3. Obfuscation: No Base64 encoding, zero-width characters, Unicode homoglyphs, or other obfuscation techniques were detected.
4. Unverifiable Dependencies: There are no npm install, pip install, yarn add, git clone, or similar commands that would introduce external, unverified dependencies.
5. Privilege Escalation: No sudo, doas, chmod, or other commands that attempt to escalate privileges are present.
6. Persistence Mechanisms: No attempts to modify system configuration files, user profiles (.bashrc), or create scheduled tasks (crontab) were found.
7. Metadata Poisoning: The skill's name, description, and argument hint are benign and accurately reflect its purpose.
8. Indirect Prompt Injection: As a purely descriptive template, the skill itself does not process external, untrusted data in a way that would lead to indirect prompt injection within its own execution. It structures user input, which is then presented as a template.
9. Time-Delayed / Conditional Attacks: No conditional logic or time-based triggers are present, as there is no executable code.

Given that the skill is purely descriptive and contains no executable components, it is considered safe.