The Agent Skills Directory

[Prompt Injection] (SAFE): The skill contains instructional content for the agent to use specific tools and follow project architectures. No instructions were found that attempt to subvert AI safety guidelines or extract system prompts.- [Command Execution] (SAFE): Included scripts (start-mcp.js, package_skill.py) perform local command execution (e.g., npm build, lsof) to manage the MCP server and package the skill. These operations are restricted to the local environment and are necessary for the skill's primary function.- [Data Exposure & Exfiltration] (SAFE): No credentials or sensitive data are hardcoded. File paths are local to the Godot environment, and no external data transmission was detected.- [Indirect Prompt Injection] (LOW): The context7-auto-research component automatically fetches web documentation based on keywords. While this creates a potential surface for indirect injection from malicious external documentation, it is an intended feature for developer research and is managed by standard agent safeguards. Evidence: 1. Ingestion: WebFetch via Context7; 2. Boundary: Markdown headers; 3. Capability: Local script execution and file writing via MCP; 4. Sanitization: None.- [Obfuscation] (SAFE): No encoded strings, hidden characters, or homoglyphs were found in the skill files.

godot-skills