gadd-research
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified in the skill instructions. The instructions emphasize the agent's role as a researcher and explicitly prohibit mutations of the codebase or GitHub artifacts.
- [DATA_EXFILTRATION]: The skill proactively addresses data exposure by requiring the sanitization of private, customer, and financial information. It specifies that sensitive material must not be quoted or written as raw values in committed artifacts, and no network exfiltration tools are used.
- [COMMAND_EXECUTION]: The skill lacks instructions for executing shell commands, scripts, or subprocesses. Its capabilities are strictly limited to file system reads and the creation of research documentation.
- [PROMPT_INJECTION]: Regarding indirect prompt injection: (1) Ingestion points: repository files, documentation, and human-supplied context in SKILL.md; (2) Boundary markers: uses readiness decisions and classification gates to process input; (3) Capability inventory: restricted to writing markdown files (research.md) and updating local ledger state; (4) Sanitization: comprehensive instructions for redacting sensitive data and identifying explicit uncertainties.