The Agent Skills Directory

[SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill's functionality is limited to financial calculation and reporting based on user-provided parameters.\n- [DATA_EXFILTRATION]: The skill reads from a local configuration file (../../CLAUDE.md) to retrieve scenario-level rules for LCR calculation. No access to sensitive system files (e.g., SSH keys, AWS credentials) or unauthorized network exfiltration was found.\n- [PROMPT_INJECTION]: Potential indirect injection surfaces were evaluated. 1. Ingestion points: Local configuration file (../../CLAUDE.md) and user-provided financial data. 2. Boundary markers: Absent. 3. Capability inventory: No dangerous capabilities (e.g., shell commands, network requests, or file-write operations) are present in the skill, preventing any data-driven exploitation. 4. Sanitization: Absent. The risk is assessed as safe due to the absence of exploitable tools.

lcr-assessment