The Agent Skills Directory

[SAFE]: The skill is purely educational and its behavior matches its description. No malicious patterns were identified.
[NO_CODE]: The skill consists entirely of Markdown instructions and JSON test data; no executable scripts or system commands are present.
[PROMPT_INJECTION]: No override instructions, safety bypasses, or system prompt extraction attempts were found in SKILL.md or test-prompts.json.
[DATA_EXPOSURE_AND_EXFILTRATION]: There is no access to sensitive file paths (e.g., .ssh, .aws) and no network exfiltration patterns.
[UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill does not install third-party packages or download/execute remote code.
[INDIRECT_PROMPT_INJECTION]: 1. Ingestion points: User decision scenarios in text format. 2. Boundary markers: None. 3. Capability inventory: No shell access, network operations, or file-writing. 4. Sanitization: Not applicable. The attack surface is non-exploitable due to zero available capabilities.

misjudgment-psychology-checklist