The Agent Skills Directory

[SAFE]: The skill provides a structured workflow for auditing repository conventions (Tier 1 structural checks and Tier 2 quality checks). The instructions are clear, transparent, and align with the stated goal of ensuring skill quality.- [DATA_EXPOSURE]: The skill reads project-specific files such as SKILL.md, TEMPLATE.md, EXAMPLE.md, and AGENTS.md. These operations are scoped to the project's own directory structure and do not involve unauthorized access to system files, credentials, or personal data.- [PROMPT_INJECTION]: No evidence was found of instructions attempting to bypass safety protocols, override model constraints, or reveal system prompts. Natural instructional language is used appropriately.- [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted data from the skills it audits. However, the risk is negligible as the skill lacks high-risk capabilities like network access or code execution.
Ingestion points: Target skill files (SKILL.md, references/TEMPLATE.md, references/EXAMPLE.md) and repository metadata (AGENTS.md).
Boundary markers: Absent; the skill does not use specific delimiters to isolate external content.
Capability inventory: Limited to local file reading and generating a structured markdown validation report.
Sanitization: Absent; content from target files is analyzed for quality patterns but not explicitly sanitized.- [REMOTE_CODE_EXECUTION]: There are no patterns involving package installations, remote script downloads (curl|bash), or dynamic code evaluation (eval/exec).

utility-pm-skill-validate