backend-dev-guides
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
NO_CODE
Full Analysis
- [General] (SAFE): The skill consists entirely of instructional markdown content and code snippets provided as examples for the user. It does not contain scripts or logic designed to be executed by the agent's runtime environment.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill contains a 'Command Execution Limit' (执行命令限制) section that explicitly forbids the agent from running test or compilation commands (e.g., 'npm test', 'npm run build'). This directly mitigates the risk of unauthorized command execution.
- [Data Exposure & Exfiltration] (SAFE): There are no hardcoded credentials, sensitive file paths, or network operations. The skill actually promotes security by advising the use of environment variables and parameterized queries to prevent SQL injection.
- [Indirect Prompt Injection] (LOW): Evidence Chain:
  1. Ingestion point: User-provided code snippets or project descriptions for review (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: None; the skill lacks subprocess, network, or file-write capabilities.
  4. Sanitization: Absent.

  Although it processes untrusted user data for reviews, the lack of side-effect capabilities renders this risk negligible.
- [Obfuscation] (SAFE): All content is in plain text (Chinese and English) with no encoded strings or hidden Unicode characters detected.
Audit Metadata