yaml-jazz
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to treat comments within YAML files as data and instructions (e.g., 'Comments ARE data', 'The LLM reads these. Acts on them. Comments are instructions.'). While this is the intended functionality of the 'YAML Jazz' convention, it creates a surface for indirect prompt injection where a malicious actor could embed instructions in a YAML comment that the agent might obey when parsing the file. This is noted as an inherent property of the convention rather than a malicious exploit within the skill itself.
- [SAFE]: The skill consists entirely of documentation, metadata, and character definitions. It does not include any executable scripts (.py, .js, .sh), binary files, or instructions that trigger automated network requests.
- [SAFE]: The YAML frontmatter in `SKILL.md` includes an `allowed-tools` list containing `read_file` and `write_file`. As per the platform rules, this configuration serves to restrict the agent's environment rather than grant unsafe permissions. No findings are warranted for these platform-level limitations.
- [SAFE]: All external URLs mentioned in the documentation (e.g., links to x.com and anildash.com) are for informational and citation purposes. There are no patterns suggesting the automated download or execution of remote content.
Audit Metadata