agent-skill-evaluator

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: CRITICAL
Full Analysis
  • [SAFE]: The skill is a dedicated security analysis tool for agent skills. Its operations are focused on retrieving and analyzing external skill files to provide safety recommendations, and it does not contain any instructions that attempt to bypass safety filters or exfiltrate user data.
  • [EXTERNAL_DOWNLOADS]: The file references/attack_patterns.md contains a reference to http://malicious.site/beacon?id=. Automated scans correctly identified this as a botnet-associated URL; however, in the context of this skill, it is used solely as a static example of a malicious pattern for the evaluator to identify in other skills. It is not part of an executable command or a functional network request.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface, as it is designed to process untrusted content from the web.
      • Ingestion points: Skill definitions and scripts are retrieved from GitHub repositories and external websites via MCP tools.
      • Boundary markers: The skill lacks explicit technical delimiters to separate untrusted content from its internal instructions, relying instead on its role-based logic as an evaluator.
      • Capability inventory: The skill can fetch remote content and write assessment reports to the /mnt/user-data/outputs/ directory.
      • Sanitization: The skill does not implement specific sanitization or escaping for the content it analyzes, though its primary function is analysis rather than execution.
Recommendations
  • Contains 1 malicious URL - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 10, 2026, 10:00 AM