sphere-framework
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill was audited across all 10 threat categories and no issues were found. The content consists of legitimate technical documentation and a placeholder script.
- COMMAND_EXECUTION (SAFE): The documentation mentions standard development commands such as `sphere-cli` and `make`. These are used for project scaffolding and code generation within the user's local environment and do not involve suspicious execution patterns or remote script piping.
- PROMPT_INJECTION (SAFE): No instructions designed to override agent behavior, bypass safety filters, or extract system prompts were detected.
- DATA_EXPOSURE (SAFE): The skill does not access sensitive file paths (like `~/.ssh` or `.env`) and contains no hardcoded credentials or secrets.
- INDIRECT_PROMPT_INJECTION (SAFE): Although the skill directs the agent to read repository structures, this is an intended behavior for a development guide. There is no evidence of the skill processing untrusted external data in a way that would trigger a high-risk injection. Evidence Chain:
  1. Ingestion point: Local file system (repository layout).
  2. Boundary markers: Absent.
  3. Capability inventory: `make` and `sphere-cli` execution.
  4. Sanitization: Absent.
  Given the context of a development assistant, this surface is considered safe.
Audit Metadata