The Agent Skills Directory

[Prompt Injection] (SAFE): The skill contains standard instructional content for Java testing and does not attempt to override agent safety protocols or extract system prompts.- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or network-enabled commands (like curl or wget) were found in the scripts or documentation.- [Obfuscation] (SAFE): All code and documentation are provided in cleartext. No Base64, zero-width characters, or other obfuscation techniques were detected.- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The validation script uses the standard 'PyYAML' library for parsing local configuration files. There are no patterns of downloading or executing remote scripts.- [Dynamic Execution] (SAFE): The script 'scripts/validate.py' uses 'yaml.safe_load()', which is the recommended practice to prevent arbitrary code execution during YAML parsing. No 'eval()' or 'exec()' calls are present.- [Indirect Prompt Injection] (LOW): The skill ingests 'assets/config.yaml' for validation purposes. This represents a surface for untrusted data ingestion, but because the script uses safe parsing and has no high-privilege capabilities (like network or write access), the risk is minimal.

java-testing-advanced