The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill processes untrusted text (assistant responses and prior user messages) which could theoretically contain malicious instructions. However, the skill lacks any dangerous capabilities—such as network access, file system operations, or command execution—meaning it cannot be used as a vector for system compromise. The risk is limited to potential manipulation of the evaluation output.
No-Code Skill (SAFE): No scripts or binaries are included; the functionality is entirely prompt-driven and operates within the agent's standard conversational boundaries.

eval-conversation-flow