The Agent Skills Directory

Standard Library Implementation (SAFE): The skill is implemented using only Python standard libraries (csv, re, math, etc.), which eliminates risks associated with unverified or malicious third-party dependencies.
Restricted File Operations (SAFE): File access is strictly limited to reading CSV files from a local 'data' directory. All filenames are hardcoded in the configuration, and user-provided search parameters (domain and stack) are validated against static allow-lists, preventing path traversal or arbitrary file access.
Absence of Network/Execution Capabilities (SAFE): The code does not contain any functions for making network requests (e.g., requests, urllib) or executing system commands (e.g., subprocess, os.system). There is no use of dynamic execution functions like eval() or exec().
Indirect Prompt Injection Surface (INFO): The skill ingests untrusted data from local CSV files for display. Evidence: 1. Ingestion points: core.py via _load_csv() reading data/*.csv. 2. Boundary markers: Absent. 3. Capability inventory: Display results only; no network, no shell, no file-write. 4. Sanitization: search.py truncates output to 300 characters. Because the skill has no side-effect capabilities, the risk tier is INFO.

ui-ux-pro-max