The Agent Skills Directory

Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The skill uses standard instructional formatting for developer roles.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access (e.g., .ssh, .aws), or suspicious network operations were detected. While various code snippets contain placeholder passwords like 'password123' or 'secret123', these are restricted to example unit tests and do not represent functional credentials.
Obfuscation (SAFE): No use of Base64 encoding for commands, zero-width characters, homoglyphs, or other obfuscation techniques was found.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not contain instructions to download or execute external scripts (e.g., curl|bash). It references standard framework ecosystems (Maven, NuGet, Composer, Bundler) but does not include malicious package installation commands.
Persistence & Privilege Escalation (SAFE): No patterns for maintaining access (crontab, shell profiles) or escalating privileges (sudo, chmod 777) were identified.
Indirect Prompt Injection (LOW): As a developer skill, it naturally possesses the capability to read and modify local files via the 'Read', 'Write', 'Edit', and 'Bash' tools. While this creates an attack surface if the agent processes untrusted code, the skill itself provides no malicious instructions and adheres to the intended purpose of assisting with backend development.

faion-backend-enterprise