hr-pro

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions to bypass safety filters, ignore previous rules, or extract system prompts were detected.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths (e.g., SSH keys, AWS configs), or network exfiltration commands (e.g., curl, wget) are present.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any package installations (npm, pip) or execute remote scripts. It is entirely prompt-based.
  • Persistence & Privilege Escalation (SAFE): There are no commands to modify system startup files, cron jobs, or acquire administrative privileges (sudo).
  • Indirect Prompt Injection (LOW): The skill ingests user-provided data such as company profiles and jurisdictions to populate templates using placeholders like {{CompanyName}}. While this constitutes an ingestion surface for untrusted data, the skill lacks any execution capabilities (such as subprocess calls or eval) that would allow for exploitation. Furthermore, the instructions explicitly mandate refusing non-compliant or discriminatory guidance.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:08 PM