payload-cms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill's files consist of markdown instructions and reference guides for Payload CMS development. No malicious behavior or security risks were found across any of the 10 threat categories.
- Prompt Injection (SAFE): There are no attempts to override agent behavior, extract system prompts, or bypass safety filters. All instructions are focused on correct implementation of framework features.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths (like ~/.ssh or ~/.aws) are present. Examples properly use environment variables for secrets.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No unauthorized script execution or dangerous piping (e.g., curl|bash) is present. Commands mentioned in documentation (like npx add-skill) are standard installation instructions for the user.
- Security Best Practices (INFO): The skill includes a dedicated section on 'Critical Security Rules' that specifically warns against common vulnerabilities such as Local API access control bypass and infinite hook loops.