Gen Agent Trust Hub audit: skills/simhacker/moollm/container

Skill: container

Verdict: Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill defines a schema including on_enter and on_exit fields described as "natural language expressions." This represents an indirect prompt injection surface if the data is processed by an agent without proper sandboxing. However, the skill itself lacks the high-privilege capabilities (network, shell, etc.) necessary to facilitate a dangerous exploit.
    ◦ Ingestion points: CONTAINER.yml (processed via read_file)
    ◦ Boundary markers: Absent in the skill documentation.
    ◦ Capability inventory: read_file, write_file.
    ◦ Sanitization: Not explicitly mentioned in the skill definition.
  • [Data Exposure & Exfiltration] (SAFE): While the skill uses file system tools, it does not access sensitive paths (e.g., SSH keys, credentials) and contains no network exfiltration patterns.
  • [Adversarial Analysis] (SAFE): The provided skill-snitch-report.md file contains self-attestations of safety and a "Risk Level: ZERO" claim. Following the 'assume-malicious' posture, these claims were disregarded and the skill was audited independently. The analysis confirms the skill is a benign organizational tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:34 PM