The Agent Skills Directory

[SAFE]: The skill is a comprehensive toolkit for technical leadership, focused on providing guidance, frameworks, and assessment tools. All included documentation and scripts align with the stated purpose of assisting a CTO or engineering manager.
[COMMAND_EXECUTION]: The skill includes two Python scripts, scripts/tech_debt_analyzer.py and scripts/team_scaling_calculator.py. These scripts are intended to be run by the agent to process configuration data. A thorough review of the source code confirms they only utilize standard libraries (json, math, typing, datetime) to perform deterministic calculations and format report strings. They do not interact with the network, modify the file system, or utilize dangerous dynamic execution functions like eval() or exec().
[DATA_EXPOSURE]: There are no hardcoded credentials, API keys, or suspicious file path references (e.g., .ssh, .aws) within the skill's code or documentation. The scripts operate exclusively on data structures provided during the interaction.
[INDIRECT_PROMPT_INJECTION]: While the skill ingests external data for its analysis scripts, it lacks any exploitable capabilities such as network exfiltration or file writing. The processing logic is entirely contained within local Python functions, providing no vector for an indirect injection to influence the host environment or external services.
[METADATA_POISONING]: All metadata fields in SKILL.md and plugin.json are consistent with the skill's functionality and the author's identity. There are no deceptive instructions or hidden payloads in the descriptions or author information.

cto-advisor