The Agent Skills Directory

[PROMPT_INJECTION]: No attempts to bypass safety filters or override system instructions were found. The skill uses strong instructional imperatives (e.g., 'REQUIRED READ', 'MUST read persona.md') to ensure the agent follows the intended RAG workflow and persona adherence, which are benign in this context.
[DATA_EXFILTRATION]: No sensitive data access or unauthorized network requests were detected. The skill reads exclusively from its own local knowledge base (persona.md and the topics/ directory).
[REMOTE_CODE_EXECUTION]: The skill does not download or execute external code. No package managers (npm, pip) or remote script execution patterns are present.
[COMMAND_EXECUTION]: No shell command execution or system-level operations were found in the instructions or the topic files.
[OBFUSCATION]: A scan for Base64, hex encoding, zero-width characters, and homoglyphs returned no results. The content is entirely plain-text markdown.
[INDIRECT_PROMPT_INJECTION]: While the skill ingests user input to provide writing advice, it does not possess exploitable capabilities such as network access or file-writing. The instructions explicitly limit the agent to using only the substance in the loaded files, reducing the risk of accidental instruction following from untrusted data.

dojo-william-zinsser