The Agent Skills Directory

Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly technical and instructional.
Data Exposure & Exfiltration (SAFE): No sensitive file paths (e.g., SSH keys, AWS credentials) are targeted. Network references are limited to legitimate project documentation and repository sites (tsdown.dev, rolldown.rs, github.com).
Obfuscation (SAFE): No Base64, zero-width characters, or other obfuscation techniques were identified in the markdown files.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill documentation mentions standard packages (e.g., tsdown, publint, vue-tsc) and standard installation commands (pnpm, npx). While it provides examples of hooks that can execute commands (e.g., onSuccess scripts), these are standard features of a build tool and are presented within a documentation context for the developer's use.
Indirect Prompt Injection (LOW): As a bundler reference, the skill explains how to process source code. While source code is an untrusted ingestion point, the skill provides documentation on how to use the tool properly rather than introducing a vulnerability in the agent's logic itself.

tsdown