The Agent Skills Directory

SAFE (SAFE): No malicious patterns or security risks were detected in the source code or metadata.
Category 7: Metadata (INFO): The skill metadata contains self-referential safety claims ("A harmless utility skill", "does nothing dangerous"). While these are data points for evaluation rather than authoritative conclusions, the code analysis confirms the claims in this specific instance.
Category 8: Indirect Prompt Injection (LOW): The greet function in index.js accepts a name parameter which could be sourced from untrusted data. However, the skill has no destructive capabilities (no network, no file writes, no command execution) that could be leveraged if an injection occurred within the parameter.

clean-skill