The Agent Skills Directory

[SAFE]: The skill is purely informational and instructional. It provides templates and examples to help developers identify cybersecurity gaps. It does not perform automated actions, download external scripts, or execute shell commands.
[DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials or unauthorized data access patterns were found. The skill references sensitive file types like .env or vault only in the context of teaching secure management practices.
[REMOTE_CODE_EXECUTION]: The skill does not contain any patterns for downloading or executing remote code. All external links point to official European Union documentation (eur-lex.europa.eu).
[INDIRECT_PROMPT_INJECTION]: As an analysis tool, the skill is intended to process Java source code and configuration files. While this creates an ingestion surface for untrusted data, the skill lacks dangerous capabilities (like eval or network exfiltration) that would make such an injection exploitable. The instructions also emphasize that legal and safety reviews remain the responsibility of human owners.

804-regulations-eu-nis2