The Agent Skills Directory

Prompt Injection (SAFE): The skill contains no instructions to bypass safety filters or ignore previous rules. It adheres strictly to its stated purpose of project management estimation.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or network operations (curl, fetch) are present. The skill operates entirely within the text context.
Obfuscation (SAFE): No Base64, zero-width characters, or encoded strings were detected. All content is human-readable markdown and pseudo-code.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not define any external packages (npm, pip) or attempt to download/execute remote scripts. The TypeScript block provided is for illustrative calculation logic only.
Indirect Prompt Injection (LOW): While the skill processes user-provided task descriptions, it lacks any dangerous capabilities (network, file system, command execution) that could be exploited via malicious input. The risk is negligible as it merely outputs formatted text.
Privilege Escalation & Persistence (SAFE): There are no commands related to administrative access, service installation, or persistence in shell profiles.

task-estimation