canonical-spec-format

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW, NO_CODE
Full Analysis
  • [SAFE] (SAFE): Documentation-only skill. The analyzed files (SKILL.md, schema-reference.md, validation-rules.md) consist entirely of Markdown text, YAML examples, and architectural diagrams. There are no executable scripts (.py, .js, .sh), binaries, or active configuration files.
  • [NO_CODE] (SAFE): No functional code is present. The C# code snippet and Bash command examples provided in the documentation are strictly for reference and do not constitute executable components of the skill itself.
  • [COMMAND_EXECUTION] (SAFE): The skill frontmatter restricts allowed tools to 'Read, Glob, Grep'. These are passive inspection tools. No 'Execute' or 'Shell' capabilities are requested or utilized.
  • [DATA_EXFILTRATION] (SAFE): No network access or hardcoded credentials were detected. The skill refers only to internal repository paths (e.g., schemas/, docs/) and does not interact with external APIs or non-whitelisted domains.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Vulnerability surface analysis. The skill provides instructions for the agent to parse and validate specification files. While a malicious specification file could attempt to inject instructions into the agent's reasoning (e.g., in a 'problem' description), the skill's lack of write or execute permissions prevents such an injection from achieving side effects beyond local reasoning. Evidence: (1) Ingestion point: Specification files read via 'Read' tool; (2) Boundary markers: Not explicitly defined for spec fields; (3) Capability inventory: Read, Glob, Grep only; (4) Sanitization: None provided as it is a reference guide.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 11:08 AM