The Agent Skills Directory

Prompt Injection (SAFE): The skill contains instructional content regarding API capabilities and workflows without any attempts to bypass safety filters or override system instructions.
Data Exposure & Exfiltration (SAFE): Network operations are restricted to the legitimate API endpoint (mindicador.cl). No sensitive local files are accessed, and no credentials or secrets are hardcoded.
Obfuscation (SAFE): No encoded, hidden, or deceptive content (Base64, zero-width characters, etc.) was found in the scripts or documentation.
Unverifiable Dependencies & Remote Code Execution (SAFE): The scripts rely on standard libraries (Python's urllib, Node.js builtin fetch) and common system utilities (curl). There are no external package installations or remote script executions.
Privilege Escalation (SAFE): No commands requiring elevated privileges (sudo, chmod 777) are present.
Indirect Prompt Injection (LOW):
Ingestion points: API responses are ingested in scripts/fetch_indicator.py, scripts/fetch_indicator.mjs, scripts/get_all_indicators.sh, and scripts/get_indicator.sh.
Boundary markers: Strong input validation is present; indicator slugs are whitelisted, and dates/years are validated against strict regex patterns.
Capability inventory: Capabilities are limited to network GET requests and printing results to standard output. No execution of fetched data occurs.
Sanitization: Input is sanitized via whitelisting. Output is parsed as JSON, mitigating script injection risks.
Dynamic Execution (SAFE): The skill does not generate or execute code at runtime and avoids unsafe deserialization methods.

mindicador-api