nextjs-developer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Category 1: Prompt Injection (SAFE): No instructions to override agent behavior or bypass safety filters were found. The skill maintains a professional instructional tone.
  • Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded secrets, sensitive path access (e.g., ~/.ssh), or exfiltration commands were detected. Network calls in examples (e.g., api.example.com) are standard placeholders.
  • Category 3: Obfuscation (SAFE): No Base64 encoding, zero-width characters, or homoglyphs were identified in any of the skill files.
  • Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): No remote script execution (curl|bash) or installation of untrusted packages. The referenced libraries are standard for the Next.js ecosystem.
  • Category 5: Privilege Escalation (SAFE): No commands involving sudo, chmod 777, or administrative privilege acquisition were found.
  • Category 6: Persistence Mechanisms (SAFE): No attempts to modify shell profiles, crontabs, or system services for persistence.
  • Category 8: Indirect Prompt Injection (SAFE): While the skill provides templates for handling external data (form data), it includes examples of validation using libraries like Zod, which is a defensive best practice.
  • Category 10: Dynamic Execution (SAFE): No use of eval, exec, or unsafe deserialization. All code examples are static and intended for reference.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:35 PM