NYC

clinical-reports

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [General Security Assessment] (SAFE): The skill consists entirely of markdown templates and Python scripts using only the standard library. No obfuscation or malicious intent was detected.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access (like SSH keys), or network operations were found. All data processing is performed locally on user-provided files.
  • [Command Execution] (SAFE): Scripts utilize standard modules like argparse and re for processing. There is no usage of os.system, subprocess, or eval for command execution.
  • [Remote Code Execution] (SAFE): No patterns of remote script execution or external package installation were detected.
  • [Indirect Prompt Injection] (LOW): The validation scripts ingest untrusted clinical report files for regex-based analysis, representing a minor ingestion surface.
    • Ingestion points: File paths provided to scripts in the scripts/ directory (e.g., compliance_checker.py).
    • Boundary markers: Absent; scripts perform regex matching on raw text content.
    • Capability inventory: Limited to file reading, writing output to JSON/Markdown, and copying template files via shutil. No network or sub-process capabilities are present.
    • Sanitization: Absent; however, the risk is negligible as script output is not executed and the patterns matched (vitals, ICD-10 codes) are strictly for informational display.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:55 PM