The Agent Skills Directory

[SAFE]: The skill consists entirely of natural language instructions for reasoning and does not include any scripts, binaries, or executable content.
[DATA_EXFILTRATION]: There are no network-enabled commands or references to external data sinks detected in the instructions.
[CREDENTIALS_UNSAFE]: The skill does not attempt to access sensitive environment variables, hardcoded secrets, or private configuration directories like .ssh or .aws.
[INDIRECT_PROMPT_INJECTION]: The skill is instructed to read local files to find architectural precedents (SKILL.md). While this is a data ingestion point, the skill lacks the capability to execute commands or exfiltrate data, which neutralizes the risk of indirect prompt injection.

sensei-tradeoff