The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill templates demonstrate patterns for ingesting untrusted data that could lead to downstream exploitation.
Ingestion points: The params and searchParams in templates/app-router-async-params.tsx and templates/cache-component-use-cache.tsx are derived from user-controlled URLs.
Boundary markers: Absent; there are no instructions or delimiters to treat the fetched content as untrusted.
Capability inventory: The skill uses fetch for network requests and dangerouslySetInnerHTML to render content directly into the DOM.
Sanitization: Absent; the templates explicitly use dangerouslySetInnerHTML={{ __html: post.content }} without any HTML sanitization logic, which is a high-risk coding pattern.
External Downloads (SAFE): The skill references standard development tools and packages via npx and npm. These are from trusted registries (npmjs.com) and follow standard developer workflows.
Evidence: npx create-next-app@latest and npx shadcn@latest init in commands/init.md.
Command Execution (SAFE): The scripts/check-versions.sh script executes local commands to verify the environment. It performs version checks using node -p and cut, which is a standard administrative task with no evidence of malicious intent.

nextjs