NYC

native-app-designer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • PROMPT_INJECTION (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The 'IMPORTANT' sections in documentation are used for legitimate design constraints.
  • DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file path access, or network calls to untrusted domains were identified. Network tools (Firecrawl) are restricted to design research.
  • REMOTE_CODE_EXECUTION (SAFE): The skill does not download or execute remote scripts. It provides static code references for developers to adapt manually.
  • COMMAND_EXECUTION (SAFE): While 'Bash' is an allowed tool, it is typical for local development tasks (e.g., project scaffolding). No suspicious command strings or privilege escalation attempts were found.
  • EXTERNAL_DOWNLOADS (SAFE): The referenced MCPs (21st.dev, Stability AI, Firecrawl) are standard design integrations. No downloads from risky or untrusted sources (e.g., paste sites) are present.
  • OBFUSCATION (SAFE): Content is clear and readable. No Base64, zero-width characters, or encoded payloads were detected.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill uses mcp__firecrawl__firecrawl_search to ingest external design patterns. While this is a potential ingestion point for untrusted data, the risk is low as it is used for design inspiration and does not feed into sensitive executable contexts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:49 PM