The Agent Skills Directory

[Prompt Injection] (SAFE): No evidence of instructions designed to bypass safety filters, extract system prompts, or override core agent constraints. The language is purely instructional and professional.- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected. The skill does not perform network operations or access system secrets.- [Obfuscation] (SAFE): The content is entirely human-readable markdown and standard TypeScript. No Base64 encoding, zero-width characters, or homoglyph attacks are present.- [Remote Code Execution] (SAFE): The skill does not download external scripts, install unverified packages, or use dangerous execution patterns like piped curl-to-bash.- [Indirect Prompt Injection] (LOW): The skill is designed to process user-provided code (untrusted data) for review. While this is an attack surface, the skill is purely an advisory persona and does not define tools for autonomous file modification or command execution, limiting the risk to internal reasoning influence only.- [Dynamic Execution] (SAFE): The provided code snippets demonstrate standard, safe Node.js patterns (streams, pools, async handling) and do not use unsafe deserialization or runtime code generation.

nodejs-expert