BetterAuth Integration

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): The instructions are focused on functional implementation of authentication features. There are no markers for bypassing safety filters, ignoring instructions, or extracting system prompts.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials (API keys, tokens) or sensitive file paths (like .ssh or .aws) were found. The use of Neon Postgres is mentioned as a technical requirement for the implementation, not as a source of leaked data.
  • [Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or other encoding techniques were used to hide malicious intent.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill mentions BetterAuth and Neon Postgres, which are legitimate tools in the web development ecosystem. There are no commands to download and execute arbitrary scripts (e.g., curl | bash).
  • [Indirect Prompt Injection] (LOW): The skill involves processing user background data for personalization. While this creates an input surface, the instructions explicitly command the agent to follow security best practices and use structured TypeScript interfaces, which mitigates the risk of schema confusion or instruction injection via user data.
  • [Privilege Escalation] (SAFE): No commands involving sudo, chmod, or system-level permission changes were detected.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 03:23 AM