The Agent Skills Directory

[SAFE]: The install.sh script uses standard bash commands (mkdir, rm, ln) to create a symbolic link for the skill in the user's home directory (~/.trae-cn/skills). This is a common and expected installation procedure for local IDE skills and does not involve privilege escalation or unauthorized system modifications.
[SAFE]: The skill operates entirely on local resources, including references/rules.md and assets/report-template.md. It does not attempt to access sensitive files, perform network communication, or use hardcoded credentials.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user articles. Ingestion points: User article input as defined in SKILL.md and README.md. Boundary markers: None. Capability inventory: No dangerous capabilities (no file-write, network operations, or subprocess execution) were identified in the skill logic. Sanitization: None. Although the skill has an ingestion surface, it possesses no dangerous tools or capabilities that could be exploited via injection.
[SAFE]: No signs of obfuscation, hidden instructions, or malicious persistence mechanisms were found across the skill files.

article-checker