detecting-ransomware-encryption-behavior

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified in the analyzed skill files.
  • [COMMAND_EXECUTION]: The provided Python script scripts/agent.py performs local file system operations (read, stat, walk) and calculates SHA256 hashes for directory snapshotting. These operations are consistent with the skill's stated purpose of ransomware detection and do not involve arbitrary command execution or shell injection.
  • [EXTERNAL_DOWNLOADS]: The skill references standard, well-known Python libraries watchdog and psutil for file system and process monitoring. No untrusted or remote code downloads were detected.
  • [DATA_EXFILTRATION]: There are no network operations or external data transfer mechanisms present in the provided scripts. All analysis is performed locally.
  • [PROMPT_INJECTION]: The instructions in SKILL.md and references/api-reference.md are purely technical and educational, containing no attempts to override agent behavior or bypass safety guidelines.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or sensitive secrets were found in the skill content.
  • [DATA_EXPOSURE]: While the script reads file contents to calculate entropy, this is restricted to the directory path provided by the user and is used only for local mathematical analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM