The Agent Skills Directory

[SAFE]: Analysis of the skill instructions and code patterns revealed no malicious behavior. The skill focuses on legitimate multi-agent orchestration within the iii engine ecosystem.
[COMMAND_EXECUTION]: The skill utilizes trigger and registerFunction primitives. These are used for internal task routing and function execution within the engine and do not provide a mechanism for arbitrary operating system command injection.
[DATA_EXFILTRATION]: No patterns indicative of data exfiltration were found. Data movement is restricted to internal shared state and named queues as defined by the architecture.
[PROMPT_INJECTION]: The pattern describes a multi-agent system that ingests external data (e.g., via HTTP triggers), which presents a theoretical surface for indirect prompt injection. However, no malicious instructions or bypass attempts were found in the skill content. Ingestion points: registerTrigger({ type: 'http' }) in SKILL.md. Boundary markers: None explicitly mentioned in the patterns. Capability inventory: Function triggering and LLM inference as described in SKILL.md. Sanitization: Not explicitly implemented in the reference examples.

agentic-backend