matlab-review-code

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill instructions and manifest configurations are consistent with its stated purpose of MATLAB code review.
  • [COMMAND_EXECUTION]: The skill leverages the evaluate_matlab_code tool to run diagnostic MATLAB snippets. These snippets are used for static analysis, such as calculating cyclomatic complexity via string matching and identifying toolbox dependencies. These operations are local and pose no risk of privilege escalation or data exfiltration.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes external MATLAB files.
    1. Ingestion points: MATLAB source files read via fileread or static analysis tools (referenced in SKILL.md).
    2. Boundary markers: None identified; instructions do not specify delimiters for code content.
    3. Capability inventory: evaluate_matlab_code and check_matlab_code tools (defined in manifest.yaml).
    4. Sanitization: No input sanitization or validation of the MATLAB code content is performed prior to processing.
    The severity is considered SAFE because the skill is intended for read-only evaluation and explicitly warns against the use of dynamic execution functions like eval.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 08:23 AM