The Agent Skills Directory

[SAFE]: The skill consists of instructional prompts and local Python scripts for document processing. No signs of prompt injection, data exfiltration, or malicious intent were found.\n- [COMMAND_EXECUTION]: The skill includes several Python scripts that use subprocess.call to execute internal utility scripts (e.g., convert_formats.py and parse_formats.py) for format conversion. These executions are restricted to calling local Python files using the current interpreter and do not involve shell execution or arbitrary command injection.\n- [INDIRECT_PROMPT_INJECTION]: The skill processes content from various external file formats (Excel, Word, CSV, JSON, XMind) via its parsing scripts. This provides an entry point for untrusted data, though the risk is localized to the formatting utilities and does not expose sensitive capabilities.

performance-testing