The Agent Skills Directory

Prompt Injection (SAFE): The skill contains technical guidelines and does not attempt to override agent instructions or bypass safety protocols.\n- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network communication patterns were identified.\n- Obfuscation (SAFE): All files are written in clear-text markdown and JavaScript with no encoded or hidden content.\n- Unverifiable Dependencies & Remote Code Execution (SAFE): References to packages like r3f-perf and @react-three/fiber are standard for the described domain. No suspicious remote script execution (e.g., curl | bash) was found.\n- Privilege Escalation (SAFE): No commands targeting system-level permissions or administrative access are present.\n- Persistence Mechanisms (SAFE): The skill does not contain logic to maintain access across sessions or modify system startup configurations.\n- Metadata Poisoning (SAFE): Metadata fields are strictly informational and do not contain deceptive instructions.\n- Indirect Prompt Injection (SAFE): The skill provides coding rules and does not ingest or process untrusted external data at runtime.\n- Time-Delayed / Conditional Attacks (SAFE): No time-based or environment-specific triggers for malicious behavior were found.\n- Dynamic Execution (SAFE): The skill does not utilize eval(), exec(), or any form of runtime code generation or compilation.

r3f-best-practices