skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): No security issues detected across any threat categories.
  • Prompt Injection: Documentation in references/ provides templates and examples for high-quality agent output, but contains no instructions designed to override system prompts or bypass safety filters.
  • Data Exposure & Exfiltration: No network operations, hardcoded credentials, or access to sensitive local file paths (e.g., SSH keys, AWS creds) were found. scripts/package_skill.py only interacts with user-specified skill directories.
  • Obfuscation: No Base64, zero-width characters, homoglyphs, or other encoding techniques used to hide malicious intent.
  • Unverifiable Dependencies: The scripts use standard Python libraries (pathlib, zipfile, re). The yaml dependency is a standard industry package.
  • Dynamic Execution: scripts/quick_validate.py correctly uses yaml.safe_load() to parse frontmatter, mitigating risks associated with unsafe deserialization. No use of eval(), exec(), or runtime code generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:11 PM