The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions found that attempt to bypass safety filters, override system instructions, or extract system prompts. The content is strictly limited to financial analysis logic.
[Data Exposure & Exfiltration] (SAFE): No access to sensitive file paths, environment variables, or hardcoded credentials. No network operations (curl, wget, fetch) are present to send data externally.
[Obfuscation] (SAFE): The markdown content is plain text and easily readable. There is no evidence of Base64 encoding, zero-width characters, homoglyphs, or hex escapes.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): No external scripts are downloaded or executed. There are no package files (package.json, requirements.txt) or commands that install software.
[Privilege Escalation] (SAFE): The skill does not use administrative commands like sudo, chmod, or registry modifications.
[Persistence Mechanisms] (SAFE): No attempts to modify shell profiles, cron jobs, or startup services were detected.
[Metadata Poisoning] (SAFE): Metadata fields (name, description) accurately reflect the skill's purpose without embedding hidden malicious instructions.
[Indirect Prompt Injection] (LOW): The skill is designed to process external financial data (untrusted input). While this creates an attack surface for indirect prompt injection, the skill lacks the capabilities (like network access or command execution) to cause harm even if instructions were embedded in the processed data.
[Time-Delayed / Conditional Attacks] (SAFE): No logic exists that gates actions based on time, date, or specific environmental conditions.
[Dynamic Execution] (SAFE): No runtime code generation, compilation, or unsafe deserialization (e.g., pickle, eval) is performed.

sec-km1-misleading-metrics