difficult-workplace-conversations

The skill consists of six Markdown files (README.md, SKILL.md, and four files in the references/ directory). These files provide frameworks, advice, and templates for managing challenging conversations.

1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'DAN' prompts) were found in any of the files. The language is consistently instructional and helpful.
2. Data Exfiltration: While the SKILL.md declares allowed-tools: Read, Glob, Grep, the content of the skill itself does not contain any instructions or code that would utilize these tools to access sensitive user data or exfiltrate it to external servers. There are no curl, wget, or similar commands, nor any references to sensitive file paths in a malicious context.
3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, Unicode homoglyphs, or URL/hex/HTML encoding were detected in any of the Markdown files.
4. Unverifiable Dependencies: The skill references other .md files within its own references/ directory, which are part of the skill's package. It also mentions 'Related Skills' which are references to other skills, not external code downloads or dependencies. No instructions for installing external packages or cloning repositories were found.
5. Privilege Escalation: There are no commands or instructions that would attempt to escalate privileges (e.g., sudo, chmod 777, modifying system files).
6. Persistence Mechanisms: No instructions for establishing persistence (e.g., modifying shell configuration files, creating cron jobs, or systemd services) were found.
7. Metadata Poisoning: The name and description fields in SKILL.md, as well as the content of README.md, are benign and accurately reflect the skill's purpose.
8. Indirect Prompt Injection: As a purely instructional skill, it does not process arbitrary external user input in a way that could lead to indirect prompt injection into its own logic. It provides guidance to the user, rather than being a system that processes untrusted data.
9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, usage, versions, or environment variables was found.

In conclusion, this skill is a static, informational resource and poses no security risks.