The Agent Skills Directory

[SAFE]: No malicious patterns, data exfiltration, or unauthorized execution patterns were detected. The skill is primarily informational and provides guidance on using a third-party marketplace.
[EXTERNAL_DOWNLOADS]: The skill references 'collabstr.com', the official domain for the platform described. These references are legitimate and do not involve suspicious automated downloads.
[COMMAND_EXECUTION]: The skill provides an installation command ('npx skills add sales-skills/sales') for a related routing tool. This command originates from the same author ('sales-skills') and is a standard way to manage skills in this ecosystem.
[DATA_EXFILTRATION]: The skill uses a local file 'references/learnings.md' to store accumulated knowledge. This behavior is confined to the skill's directory and does not involve harvesting or transmitting sensitive user information.
[SAFE]: Assessment for potential indirect prompt injection (Category 8): 1. Ingestion points: 'references/learnings.md' and user-provided descriptions of tasks. 2. Boundary markers: No explicit delimiters are used for these inputs. 3. Capability inventory: The skill has the ability to append findings to its own local 'references/learnings.md' file. 4. Sanitization: No explicit validation is performed on the data before it is appended to the log. The risk is assessed as safe given the lack of dangerous capabilities.

sales-collabstr