live-artifact
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill employs a restricted rendering engine (`html_template_v1`) that enforces strict binding rules. It prevents the execution of JavaScript and the insertion of raw HTML, which mitigates cross-site scripting (XSS) risk within the produced artifacts.
- [SAFE]: Data isolation and security policies are defined in the `references/` directory. They prohibit storing sensitive fields such as `token`, `password`, or `secret` in JSON files and require that all connector data be normalized and redacted before persistence.
- [SAFE]: The skill relies on a platform-provided daemon wrapper (`$OD_BIN`) for operations such as fetching data from Notion or GitHub. External data access is therefore governed by platform-level security controls rather than arbitrary network calls made by the skill itself.
- [SAFE]: Indirect prompt injection risk is addressed through mandatory data sanitization and escaped interpolation by default. Untrusted data is restricted to non-executable scalar substitutions in the template, which limits the impact any injected content can have.
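The two controls the audit credits, escaped scalar-only interpolation and redaction of sensitive fields before persistence, are modelled below in an illustrative Python snippet written for this page. It is not the skill's `html_template_v1` engine or its `references/` policy code; the placeholder syntax, the `render`/`redact` functions and the sample payload are assumptions. It also adds one check a reviewer should run against any such engine: placeholders inside a tag are rejected, because HTML escaping alone does not neutralize a `javascript:` URL bound into an `href` attribute.

```python
import html
import json
import re
from typing import Any, Mapping

# Illustrative code written for this page. It is NOT the skill's
# html_template_v1 engine or its references/ policy; it models the properties
# the audit names: placeholders bind scalars only, every value is HTML-escaped,
# and sensitive fields are stripped (and re-checked) before persistence.

PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")  # assumed syntax
SCALARS = (str, int, float, bool)
SENSITIVE_KEYS = {"token", "password", "secret"}  # the fields the audit names


class TemplateError(ValueError):
    """Raised instead of emitting anything the binding rules do not allow."""


def _inside_tag(template: str, pos: int) -> bool:
    # A placeholder is in attribute context if the nearest '<' before it has
    # not yet been closed by a '>'.
    return template.rfind("<", 0, pos) > template.rfind(">", 0, pos)


def render(template: str, bindings: Mapping[str, Any]) -> str:
    """Substitute {{name}} with an HTML-escaped scalar; reject anything else.

    Placeholders are honoured only in text content. Inside a tag, escaping is
    not sufficient (href="javascript:..." survives html.escape unchanged), so
    such a template is rejected outright rather than rendered.
    """
    def substitute(match: re.Match) -> str:
        if _inside_tag(template, match.start()):
            raise TemplateError("placeholder inside a tag/attribute is not allowed")
        name = match.group(1)
        if name not in bindings:
            raise TemplateError(f"unbound placeholder {name!r}")
        value = bindings[name]
        if not isinstance(value, SCALARS):
            raise TemplateError(f"binding {name!r} is not a scalar")
        # str() then escape: there is deliberately no raw-HTML / "safe" bypass.
        return html.escape(str(value), quote=True)

    return PLACEHOLDER.sub(substitute, template)


def redact(record: Any) -> Any:
    """Recursively drop sensitive keys (case-insensitive) from connector data."""
    if isinstance(record, dict):
        return {k: redact(v) for k, v in record.items()
                if k.lower() not in SENSITIVE_KEYS}
    if isinstance(record, list):
        return [redact(v) for v in record]
    return record


def contains_sensitive(record: Any) -> bool:
    """Independent check run before writing JSON, in case redaction was skipped."""
    if isinstance(record, dict):
        return any(k.lower() in SENSITIVE_KEYS or contains_sensitive(v)
                   for k, v in record.items())
    if isinstance(record, list):
        return any(contains_sensitive(v) for v in record)
    return False


def to_persistable_json(record: dict) -> str:
    """Redact, then serialize; refuse to persist if a sensitive field survived."""
    cleaned = redact(record)
    if contains_sensitive(cleaned):
        raise ValueError("sensitive field survived redaction")
    return json.dumps(cleaned, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample payload: connector data an attacker could influence.
    payload = {"name": "<img src=x onerror=alert(1)>", "token": "ghp_xxx",
               "repo": {"password": "hunter2", "stars": 3}}
    print(render("<p>Hello, {{name}}</p>", payload))
    print(to_persistable_json(payload))
```

The design point is that the unsafe paths do not exist: a non-scalar binding, an unbound name, or a placeholder in attribute position fails closed with `TemplateError`, and persistence refuses to write if the redaction step is bypassed. When reviewing a real engine of this kind, test exactly those three cases rather than only the `<script>`-in-text case.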
Audit Metadata