frontend-dev-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses natural instructional language to define a developer persona and architectural standards. There are no attempts to bypass safety filters, extract system prompts, or override agent constraints.
- [EXTERNAL_DOWNLOADS]: The skill references several non-standard package names and terms (e.g., `react-hook-blog`, `@hookblog/resolvers/zod`, `perblogance`, `transblogers`) which appear to be the result of a global string replacement of 'form' with 'blog' in the documentation. While these packages do not exist in standard registries, no malicious download or remote script execution patterns (like `curl | bash`) were detected.
- [DATA_EXFILTRATION]: Network patterns described in the skill are restricted to standard API service calls within the application's domain (e.g., `/blog/*`, `/users/*`). No unauthorized exfiltration or requests to non-whitelisted domains were found.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or private certificates were found. The skill provides guidelines for secure authentication handling using a centralized `useAuth` hook.
- [COMMAND_EXECUTION]: No dangerous shell command execution or privilege escalation patterns were detected. The instructions focus on frontend React logic and routing.
Audit Metadata