analyzing-certificate-transparency-for-phishing

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows its stated purpose of monitoring Certificate Transparency logs for threat intelligence without any hidden malicious behavior or safety bypass attempts.
  • [EXTERNAL_DOWNLOADS]: Fetches certificate metadata from reputable security research services, including Sectigo's crt.sh and Calidog's Certstream. These connections are documented and serve a legitimate security function.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface: it processes untrusted certificate data from external CT logs and includes that data in generated reports. Given the security-research context, this is categorized as low-risk surface exposure.
      ◦ Ingestion points: CT log entries retrieved via the crt.sh JSON API and the certstream WebSocket feed.
      ◦ Boundary markers: No explicit delimiters are used when interpolating external strings into report templates.
      ◦ Capability inventory: File-writing capability (generate_ct_report) is used to save the intelligence report locally.
      ◦ Sanitization: The skill performs string analysis (Levenshtein distance, homoglyph mapping) but does not apply markdown escaping to the certificate metadata before writing it to the report file.
  • [COMMAND_EXECUTION]: All code logic involves safe string processing, network requests to defined APIs, and local report generation. No arbitrary shell execution or unsafe dynamic code loading was detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 12:27 AM