The Agent Skills Directory

Indirect Prompt Injection (INFO): The scripts (api_scaffolder.py, database_migration_tool.py, api_load_tester.py) take a target path as input. While this represents a potential data ingestion point, the current implementation consists of empty analyze methods that do not process the content of files, posing no risk in their current state.\n- External Downloads (INFO): The SKILL.md file contains instructions for npm install and pip install, but no dependency manifest files (package.json, requirements.txt) are included in the skill payload, precluding the analysis of specific third-party packages.\n- Command Execution (SAFE): No dangerous system calls, shell injections, or arbitrary command execution patterns were found in any of the provided scripts.\n- Data Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or network exfiltration patterns were detected.

senior-backend