The Agent Skills Directory

Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were detected. The skill uses framework detection for instructional purposes rather than behavioral control.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file path access detected. The guide correctly instructs users to use environment variables for Project IDs and Management Keys. Network operations are restricted to standard package managers and Descope's official API endpoints.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, official SDKs for Descope (@descope/node-sdk, descope, @descope/nextjs-sdk, @descope/react-sdk). These are primary to the skill's purpose. No remote script execution patterns (e.g., curl | bash) are present.
Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were identified.
Privilege Escalation & Persistence (SAFE): No commands for acquiring root privileges, modifying system files, or establishing persistence were found.
Security Best Practices (SAFE): The skill includes explicit security guardrails ("DO NOT" sections) that prevent common developer errors like manual JWT parsing or storing sensitive tokens in insecure client-side storage.

descope-auth