skill-creator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): Documentation files include formatting templates and instructional examples that guide the AI's output structure without attempting to override system constraints or safety protocols.
  • [Data Exposure & Exfiltration] (SAFE): File operations are restricted to the local filesystem for zipping and validation tasks. No sensitive file paths are targeted, and no network operations are present.
  • [Remote Code Execution] (SAFE): The scripts do not download or execute remote code. All logic is self-contained or uses standard Python libraries.
  • [Dynamic Execution] (SAFE): Metadata parsing is performed using yaml.safe_load(), which is resilient against YAML-based deserialization attacks. No use of dynamic execution functions like eval() or exec() with user-controlled data was found.
  • [Indirect Prompt Injection] (LOW): The quick_validate.py script acts as an ingestion point for untrusted SKILL.md content, but it employs safe parsing, strict allowlisting, and regex-based validation to mitigate potential injection risks.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 17, 2026, 08:48 AM