The Agent Skills Directory

[Prompt Injection] (SAFE): The instructions in SKILL.md are strictly operational and do not attempt to override the underlying agent's safety protocols or extract system prompts.
[Data Exposure & Exfiltration] (SAFE): No hardcoded credentials (API keys/tokens) or sensitive file path access were detected. Code snippets use environment variable placeholders (e.g., process.env.STRIPE_SECRET_KEY) or variables like SECRET, which is standard for educational content.
[Obfuscation] (SAFE): No Base64, zero-width characters, homoglyphs, or encoded strings were found in the skill files.
[Remote Code Execution] (SAFE): No remote scripts are downloaded or executed. The skill does not use dangerous functions like eval() or exec() on untrusted input.
[Indirect Prompt Injection] (SAFE): While the skill processes user-provided keywords to trigger specific workflows, it does not ingest external data in a way that allows for command execution or side effects. It functions primarily as a knowledge base.
[Security Best Practices] (INFO): The technical references (e.g., webhook-security.md) correctly advocate for critical security measures, including crypto.timingSafeEqual for signature comparisons and raw body verification for HMAC signatures.

integration-patterns-mastery