best-practices-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill is designed to read project configuration files such as package.json, go.mod, Cargo.toml, and requirements.txt. This behavior is transparently disclosed and used solely to identify technology versions and existing project conventions to ground its research in the user's specific context. No patterns of sensitive data exfiltration (e.g., credentials or environment variables) were detected.
  • [PROMPT_INJECTION]: As a research-oriented skill, it processes untrusted data from external web sources (Reddit, Hacker News, GitHub discussions). This represents an attack surface for Indirect Prompt Injection (Category 8). However, the skill limits the impact by instructing the agent to weight sources based on authority and date, and it focuses on generating informational documentation rather than executing commands or scripts derived from those sources. The skill does not include any instructions that attempt to bypass system safety filters or override core agent behavior.
  • [COMMAND_EXECUTION]: The skill does not contain any instructions for arbitrary command execution or shell access. It explicitly forbids the installation of additional skills or tools, stating that it is self-contained. Any code snippets generated are intended for user review within markdown documentation.
  • [EXTERNAL_DOWNLOADS]: The skill uses web search to fetch information. It does not download or execute remote binaries, scripts, or packages. References to external repositories (e.g., GitHub) are used for metadata analysis (maintenance health) rather than execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 06:32 AM