thought-mining

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
NO_CODE
Full Analysis
  • [NO_CODE] (SAFE): The skill is implemented entirely through Markdown instructions and templates. It contains no executable Python, JavaScript, or binary files, which significantly reduces the technical attack surface.
  • [DATA_EXFILTRATION] (SAFE): The skill instructions direct the agent to create and write to local Markdown files (e.g., insights.md) to store user thoughts. This behavior is transparent, localized, and directly serves the skill's primary purpose without accessing sensitive system data or exfiltrating information.
  • [EXTERNAL_DOWNLOADS] (SAFE): In the validation stage, the skill performs web searches to verify user concepts. This is a standard informational capability of the agent and does not involve downloading or executing external scripts or packages.
  • [PROMPT_INJECTION] (SAFE): While the skill ingests user input to generate file content and search queries, it lacks any instructions to override system prompts or bypass safety filters. The risk of indirect prompt injection is inherent to the writing assistant use case and is not exacerbated by malicious internal patterns. Ingestion point: User thoughts in stages/01-mining.md; Boundary markers: Absent; Capability inventory: File-write, web search; Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:48 PM