start
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates as a data-collection wizard for vulnerability reporting, storing information locally in '.ipa-sec-todokede/report.json'.
- [DATA_EXFILTRATION]: While sensitive vulnerability details are collected, the skill lacks any network-facing capabilities to transmit this information externally.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: User-provided strings for URLs, descriptions, and reproduction steps are collected and stored.
  - Boundary markers: None present to separate untrusted user input from the JSON structure.
  - Capability inventory: The skill uses local file-write access to initialize the report file.
  - Sanitization: No validation or sanitization of input strings is performed.

  This is assessed as safe as the skill is intended for local documentation and manual review.
Audit Metadata