The Agent Skills Directory

[SAFE]: The skill functions as a local data processor that reads CSV files and generates text-based reports. It does not require or use any external tools or network-enabled capabilities.- [DATA_EXPOSURE]: No sensitive system paths, environment variables, or hardcoded credentials were found. The skill only accesses CSV files in the user's workspace containing analytics metrics.- [REMOTE_CODE_EXECUTION]: There are no instructions or patterns related to downloading or executing remote scripts or packages.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes external CSV data. However, this is assessed as safe because the skill lacks the capabilities (such as network access or command execution) that would be necessary to exploit such an injection. 1. Ingestion points: CSV files located in the Cowork workspace (SKILL.md, Step 1). 2. Boundary markers: Absent. 3. Capability inventory: None detected across all scripts. 4. Sanitization: Numeric values are normalized, but text content is not explicitly sanitized.

content-performance-reporter