cc-defensive-programming

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely instructional and analytical, focusing on teaching and enforcing defensive programming techniques such as input validation, assertion management, and secure exception handling.
  • [SAFE]: No instances of prompt injection, data exfiltration, or hardcoded credentials were found. The skill explicitly emphasizes security-critical validation for external inputs.
  • [SAFE]: The skill does not perform any network operations, remote script downloads, or package installations. All references are to internal documentation or established software engineering literature.
  • [SAFE]: No obfuscation or persistence mechanisms are present. The logic is transparent and aligned with its stated purpose of improving code quality.
  • [SAFE]: Use of platform-specific variables (e.g., $CLAUDE_PLUGIN_ROOT) is restricted to navigating the skill's own file structure for referencing checklists and documentation.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze user-provided code in its CHECKER and APPLIER modes. While this creates a surface for indirect prompt injection (where instructions hidden in code could attempt to influence the agent), the skill lacks any 'dangerous' capabilities—such as file writes or shell execution—that could be exploited. The output is limited to text-based tables and recommendations, effectively neutralizing the risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 05:04 AM