chatgpt-app-submission

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • Codebase Inspection: The skill reads local repository files, including source code and metadata, to understand the application's functionality. This is a primary function used to generate accurate submission documentation.
  • Sensitive Data Detection: A core feature of the skill is scanning tool schemas for potentially sensitive data fields (such as credentials, government IDs, or health information) to warn the developer before submission. This helps prevent the accidental inclusion of private identifiers in the application interface.
  • Controlled Source Updates: The skill can modify source files to update metadata hints; however, it is explicitly instructed to request developer approval before performing any modifications, ensuring the user remains in control of the codebase.
  • Privacy Guardrails: The instructions specifically direct the agent to exclude secrets, credentials, local system paths, or private implementation details from the generated output files.
  • Indirect Prompt Injection Surface: Because the skill processes external codebase content (source code and READMEs), there is an inherent surface for indirect instruction injection. The skill mitigates this by focusing on structured data extraction and requiring confirmation for changes.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 03:11 PM