skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION] (SAFE): The skill contains no malicious overrides or bypass instructions. It explicitly teaches developers to include security policy blocks and maintain role boundaries in the skills they create to prevent jailbreaks and instruction overrides.
  • [DATA_EXFILTRATION] (SAFE): No hardcoded secrets or sensitive data exposure detected. Documentation uses standard placeholders (e.g., 'ghp_xxxxxxxx') for configuration examples. Filesystem access is limited to the skill packaging process via package_skill.py.
  • [REMOTE_CODE_EXECUTION] (SAFE): No unverifiable remote downloads or execution patterns. The provided Python scripts (package_skill.py, quick_validate.py, encoding_utils.py) are well-structured, use standard libraries (zipfile, re, pathlib), and perform only local validation and archival tasks.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill's workflow involves fetching external research data, it includes specific mitigations: quick_validate.py sanitizes metadata by rejecting angle brackets, and the documentation mandates the use of scope boundaries and security footers to handle untrusted input safely.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:36 PM