The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a Python script (wiki_review.py) which handles all logic locally. No arbitrary shell commands or subprocess spawning were found. The script uses standard libraries like argparse and pathlib for controlled execution.
[DATA_EXFILTRATION]: No network-related modules (e.g., requests, urllib, socket) are used. Data flow is restricted to reading and writing local Markdown and JSON state files within the project's wiki/ directory.
[REMOTE_CODE_EXECUTION]: The skill does not use dynamic execution functions like eval() or exec(). It relies on the fsrs library for scheduling calculations, which is a standard mathematical library.
[PROMPT_INJECTION]: The SKILL.md file contains standard operational instructions and safety constraints for the agent (e.g., 'do not invent or fill in missing user internalization content'). No adversarial patterns or bypass attempts were identified.
[EXTERNAL_DOWNLOADS]: Dependencies listed in requirements.txt (fsrs, PyYAML, pytest, ruff, basedpyright) are standard, well-known open-source packages from the official PyPI registry.
[CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or sensitive environmental configuration access patterns were found. The skill manages its own state through local files without requiring external authentication.

wiki-review