The Agent Skills Directory

Category 1: Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts.
Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network exfiltration patterns (such as curl to external domains) were found. Use of jstack and jcmd in documentation is standard for Java diagnostics.
Category 3: Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other encoding techniques intended to hide malicious content were detected.
Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not define external package dependencies (e.g., requirements.txt) or download/execute remote scripts.
Category 8: Indirect Prompt Injection (SAFE): While the skill enables file reading and bash execution (surface for indirect injection), it lacks patterns of unsafe interpolation or automated processing of attacker-controlled data without user intervention.
Category 10: Dynamic Execution (SAFE): The provided Python script scripts/validate.py uses yaml.safe_load() and does not employ unsafe dynamic execution methods like eval() or exec().

java-concurrency