fluff-detector

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill is a utility for improving prompt density. It does not contain instructions to bypass safety filters or override agent behavior.
  • Data Exposure & Exfiltration (SAFE): The script reads files locally via the Read tool and cat. There are no network operations, hardcoded credentials, or access to sensitive system directories detected.
  • Obfuscation (SAFE): All logic is presented in clear Bash and Markdown. No Base64, zero-width characters, or other obfuscation techniques were found.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on standard system tools (Bash, grep, tr). It does not download external scripts or install third-party packages.
  • Indirect Prompt Injection (LOW): While the skill processes untrusted file content (Category 8), it does so as a linter. The file content is analyzed via regex and is never executed or evaluated. Input file paths are handled with standard Bash quoting, minimizing shell injection risks.
    • Ingestion points: scripts/detect-fluff.sh reads external files provided as arguments.
    • Boundary markers: The script processes content line-by-line using while read and treats lines as strings for pattern matching.
    • Capability inventory: Limited to bash, cat, grep, and tr for text processing.
    • Sanitization: Uses regex matching which inherently treats the input as data rather than executable code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:04 PM