iso-13485-certification
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary purpose is to assist with regulatory compliance documentation. All scripts and templates analyzed are consistent with this purpose.
- [COMMAND_EXECUTION]: The skill includes a Python script (scripts/gap_analyzer.py) designed to be run by the user. Analysis of the source code confirms it only performs local file system operations (reading documents and writing a JSON report) and uses only standard Python libraries.
- [DATA_EXFILTRATION]: There are no network operations, API calls, or telemetry features detected in the script or instructions. All analysis is performed locally on the user's machine.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or credentials were found in the templates or scripts. The templates correctly use placeholders like [NAME] or [DATE] for user input.
- [PROMPT_INJECTION]: The instructions in SKILL.md are descriptive and provide clear guidance for the agent's behavior without attempting to override safety filters or system prompts.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes user-provided documentation through its gap analysis script, the script's functionality is limited to keyword matching and does not involve executing the content of those files. There is a theoretical surface for the agent to encounter instructions inside user documents, but the risk is managed by the specific scope of the QMS task.
Audit Metadata