loops-lmx
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional and documentation-focused. It provides the agent with specific rules for generating LMX markup and does not include any executable scripts, remote dependencies, or network-bound operations.
- [COMMAND_EXECUTION]: While a `curl` command is present in the documentation file `references/lmx-spec.md`, it is inside a `<CodeBlock>` element as a static example for the user. It is not intended for execution by the agent.
- [DATA_EXFILTRATION]: No exfiltration patterns were identified. The variables described (e.g., `{contact.firstName}`) are standard email merge tags used for template rendering and are not used to harvest system-level credentials or perform network exfiltration.
- [SAFE]: The skill processes user-provided email content, which constitutes an ingestion point for untrusted data (Indirect Prompt Injection surface). However, the risk is minimal as the skill lacks high-risk capabilities like file system modification or network access. The agent is also instructed to follow a strict technical specification and output checklist, providing natural boundaries for the task.
  1. Ingestion points: User-provided email drafts or requests triggered via `SKILL.md`.
  2. Boundary markers: Explicit instructions to follow `references/lmx-spec.md` as authoritative and use the provided `Output Checklist`.
  3. Capability inventory: No subprocess, exec/eval, file-write, or network operations are present.
  4. Sanitization: The LMX specification requires XML entity escaping for special characters.
Audit Metadata