The Agent Skills Directory

[SAFE]: The skill is a standard text-processing utility designed to compare curriculum frameworks against accreditation requirements. It does not perform any dangerous operations.
[DATA_EXFILTRATION]: No network operations (such as curl, wget, or fetch) are present in the skill instructions or prompt. The skill does not attempt to transmit data externally.
[REMOTE_CODE_EXECUTION]: There are no scripts, binaries, or package dependencies included in the skill. It does not invoke shell commands or execute dynamic code.
[CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or passwords were found. The skill does not request or handle sensitive environmental variables like SSH keys or AWS credentials.
[PROMPT_INJECTION]: While the skill ingests untrusted text data via the framework and requirements fields, the lack of tool access significantly limits the risk of indirect prompt injection.
Ingestion points: framework and requirements variables in SKILL.md.
Boundary markers: The skill uses standard interpolation placeholders but does not define explicit boundary delimiters for external content.
Capability inventory: The skill has no access to the filesystem, network, or subprocess execution. It only produces text-based output.
Sanitization: No sanitization of user-provided framework or requirement text is performed.
[COMMAND_EXECUTION]: The skill does not use any shell execution or dynamic context injection (!command syntax).

coverage-audit