The Agent Skills Directory

[SAFE]: The skill uses a standalone Python script, analyze.py, which relies exclusively on Python's standard library for processing text data.
[DATA_EXPOSURE]: While the skill reads transcript files from a user-provided directory, it does not access sensitive system paths (like .ssh or .aws configs) and does not perform any network operations to exfiltrate data.
[COMMAND_EXECUTION]: The skill does not invoke subprocesses or execute arbitrary shell commands. It processes file contents strictly as text for analysis.
[INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted transcript data (.txt, .md, .vtt). While these files could contain malicious instructions designed to influence an LLM that later reads the generated report, the current script uses statistical methods (n-grams and keywords) rather than an LLM for its analysis, mitigating the immediate risk of prompt injection within this skill's logic.
[NO_CODE]: Although the SKILL.md file mentions an optional --llm flag and environment variables for API keys, the provided analyze.py script does not implement this functionality, meaning no remote API calls are actually performed.

customer-interview-analyzer