The Agent Skills Directory

[SAFE]: The skill is a well-structured utility for local file indexing and retrieval. It manages dependencies locally using uv and does not download or execute arbitrary remote scripts.\n- [COMMAND_EXECUTION]: The skill uses subprocess.run to check the uv version and provides the agent with find and grep commands to perform searches within a synced .skills/ directory. These commands are used for functional purposes and are bounded to specific paths.\n- [PROMPT_INJECTION]: The skill includes instructions to guide the agent's behavior during skill retrieval and recommendation. These instructions include important security boundaries, such as the directive to treat discovered skills as data rather than instructions, which mitigates the risk of indirect prompt injection.\n- [DATA_EXFILTRATION]: Semantic search functionality involves sending text to an OpenAI-compatible embedding API. This behavior is standard, targets a well-known service, and uses environment variables for secure credential management.

skills-vote-local