The Agent Skills Directory

[SAFE]: No malicious code, scripts, or executable commands were found in the skill. All files consist strictly of natural language instructions, response patterns, and training examples.\n- [SAFE]: The skill uses placeholders like [NAME], [EMAIL], and [ADDRESS] throughout the reference examples and verbatim logs, ensuring no actual PII or sensitive data is exposed.\n- [SAFE]: External URLs in the real-responses.md file point to legitimate email marketing infrastructure (ConvertKit, Postmark) and official vendor domains (epicreact.dev, totaltypescript.com, epicweb.dev). No suspicious or unknown third-party domains were detected.\n- [SAFE]: A sequence of zero-width characters (U+200B, U+200C, etc.) was identified in references/real-responses.md. These are common artifacts in marketing emails used to pad 'preview text' and do not contain hidden instructions or malicious payloads.\n- [SAFE]: Evaluated for indirect prompt injection risk. Although the skill is designed to process untrusted customer queries, it possesses no dangerous capabilities such as file system access, network operations, or code execution. The lack of functional tools (NO_CODE) prevents the exploitation of any potential injection surface.\n
Ingestion points: Customer questions in SKILL.md and reference examples.\n
Boundary markers: Absent, but not required for safety given the lack of capabilities.\n
Capability inventory: None. The skill contains no executable scripts or tool definitions.\n
Sanitization: Not applicable.

installment-payment-option