review-mining-stp
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill operates on local artifacts (CSV and JSON files) containing review data and statistical metadata. It does not perform any network operations or access sensitive system paths (e.g., SSH keys, environment variables).
- [PROMPT_INJECTION]: The instructions in SKILL.md define a robust workflow for attribute extraction and theory mapping. No malicious override patterns, jailbreak attempts, or safety filter bypasses were identified.
- [REMOTE_CODE_EXECUTION]: All computation is performed using standard, verifiable Python libraries such as pandas, scikit-learn, and scipy. There is no evidence of dynamic code execution (eval/exec) or the downloading of remote payloads.
- [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection because it processes untrusted customer reviews. However, the risk is mitigated as the reviews are processed through statistical clustering and modeling techniques that do not interpret text as instructions. Boundary markers and workflow contracts are defined to maintain data integrity.
  - Ingestion points: Raw review text is read from 'review_scoring_table.csv'.
  - Boundary markers: The instructions explicitly define a 'workflow contract' and 'workflow boundary' separating data collection from script execution.
  - Capability inventory: Subprocess calls are limited to standard statistical analysis and report generation via the 'stp_runner' module. No file-write operations occur outside of the designated output directory.
  - Sanitization: Reviews are treated as string data for analysis and quoted verbatim in reports as evidence.
Audit Metadata