instrumenting-with-mlflow-tracing

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and code snippets for a well-known observability tool (MLflow). All external resources, such as Python and Node.js packages, refer to legitimate, widely-used libraries.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill explicitly promotes security-positive behavior by providing a 'PIIRedactionProcessor' implementation in references/advanced-patterns.md to prevent sensitive data like emails, credit card numbers, and API keys from being logged to traces.
  • [CREDENTIALS_UNSAFE]: Example configurations in references/production.md use obvious placeholder values for environment variables (e.g., MLFLOW_TRACKING_PASSWORD="password") rather than real credentials, and correctly recommend against hardcoding secrets.
  • [EXTERNAL_DOWNLOADS]: The skill references installation of standard packages (mlflow, mlflow-tracing) from official registries (PyPI, NPM). These are documented neutrally as required setup steps.
  • [INDIRECT_PROMPT_INJECTION]: Although the skill involves processing trace data that may contain LLM inputs and outputs, the verification code provided in SKILL.md inspects only structural metadata (span names and types), not raw content, which minimizes the surface for indirect prompt injection.
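As an added illustration of two of the findings above (redacting content before it is logged, and verification that touches only span names and types), here is a standalone redactor written for this page. It is not the skill's PIIRedactionProcessor from references/advanced-patterns.md and does not use MLflow's processor-registration API, whose hook name and signature are not shown on this page; it operates on a plain dict shaped like a span (the keys name, span_type, inputs and outputs are assumed), with constructed sample content. The regexes are heuristics: the Luhn check suppresses card-number false positives, but the generic long-token pattern will also redact things such as commit hashes.

```python
"""Added example for this page: regex-based PII/secret redaction of span content.

Not the skill's own PIIRedactionProcessor and not wired to MLflow's span
processor API (that hook is not shown on the page and is not assumed here).
Works on a plain dict shaped like a span; the field names are assumptions.
"""
import re
from typing import Any

# Patterns are constructed for this example; tune them for real data.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# Common key shapes plus a generic 32+ char token; the generic branch is a
# deliberate over-match (it will also hit commit hashes and similar strings).
API_KEY_RE = re.compile(
    r"\b(?:sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{30,}|AKIA[0-9A-Z]{16}|"
    r"[A-Za-z0-9_-]{32,})\b"
)

# Span fields that carry content (assumed names); structural fields such as
# name and span_type are never touched, so name/type-only checks keep working.
CONTENT_FIELDS = ("inputs", "outputs", "attributes")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to avoid redacting arbitrary 16-digit IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact_text(text: str) -> str:
    """Replace emails, Luhn-valid card numbers and key-like tokens in one string."""
    text = EMAIL_RE.sub("[REDACTED_EMAIL]", text)

    def card_sub(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group(0))
        return "[REDACTED_CARD]" if luhn_ok(digits) else m.group(0)

    text = CARD_RE.sub(card_sub, text)
    return API_KEY_RE.sub("[REDACTED_KEY]", text)


def redact(value: Any) -> Any:
    """Recursively redact strings inside nested dicts, lists and tuples."""
    if isinstance(value, str):
        return redact_text(value)
    if isinstance(value, dict):
        return {k: redact(v) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value


def redact_span(span: dict) -> dict:
    """Return a redacted copy of a span-like dict; the input is not mutated."""
    out = dict(span)
    for field in CONTENT_FIELDS:
        if field in out:
            out[field] = redact(out[field])
    return out


# Constructed sample span; the payload strings are made up for the example.
SAMPLE_SPAN = {
    "name": "chat_completion",
    "span_type": "LLM",
    "inputs": {"messages": [{"role": "user", "content":
        "Contact me at alice@example.com, my card is 4111 1111 1111 1111"}]},
    "outputs": {"content":
        "Use key sk-abcdefghijklmnopqrstuvwxyz123456 and reference order 1234 5678 9012 3456."},
}

if __name__ == "__main__":
    import json
    print(json.dumps(redact_span(SAMPLE_SPAN), indent=2))
```

The order ID in the sample output survives because it fails the Luhn check, while the test card number is redacted; that is the difference between a blanket digit-run pattern and one that checks structure.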
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 06:02 AM