spring-boot-security-jwt
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains only legitimate technical instructions for developers. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION]: No sensitive data access or unauthorized network operations were detected. The included shell scripts are functional utilities that operate on the local development environment or the local testing server (localhost).
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. The skill includes local shell scripts for key generation and API testing, which are standard developer tools and do not fetch or execute untrusted remote content.
- [OBFUSCATION]: There is no evidence of obfuscated or hidden content. Base64 encoding is used exclusively for standard cryptographic and JWT-related operations as part of the intended functionality.
- [COMMAND_EXECUTION]: The skill provides bash scripts (`generate-jwt-keys.sh` and `test-jwt-setup.sh`) intended for local development and testing. These scripts use standard system utilities like `keytool`, `openssl`, and `curl` for legitimate purposes.
- [CREDENTIALS_UNSAFE]: No hardcoded production credentials or secrets were found. Placeholders and test-only keys are used in examples, and the instructions explicitly warn users against hardcoding secrets in version control.
- [PERSISTENCE]: The skill does not attempt to establish unauthorized persistence on the host machine. It describes legitimate persistence of authentication tokens within a database as part of the Spring Boot application logic.
- [INDIRECT_PROMPT_INJECTION]: The skill specifically teaches how to handle untrusted data and provides implementation patterns for sanitizing inputs to prevent common vulnerabilities like XSS and SQL injection.
Audit Metadata