rhino-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security risks were identified. The skill is designed for developer productivity within the Rhino Health ecosystem and follows security best practices.
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs against hardcoding credentials, mandating the use of 'getpass()' for authentication. It includes a pre-execution validation script ('validate_sdk_imports.py') that checks for and warns against plaintext passwords in generated code.
  • [DATA_EXFILTRATION]: All network operations are performed through the 'rhino-health' SDK, communicating with the platform's official endpoints (e.g., FCP and ECR). The skill does not access sensitive local file paths (like SSH keys or AWS credentials) and focuses on processing data within the platform's secure federated architecture.
  • [PROMPT_INJECTION]: The instructions are highly structured and prescriptive, focusing on technical workflow planning and metric selection. No patterns attempting to bypass agent safety guidelines or leak system prompts were detected.
  • [REMOTE_CODE_EXECUTION]: While the skill assists in creating and running compute objects on the Rhino Health platform, this is a documented feature of the federated analytics SDK. The agent generates configuration and code for these objects based on user requirements; it does not execute arbitrary remote scripts or piped shell commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 02:08 PM