The Agent Skills Directory

[SAFE]: The skill is focused entirely on providing legitimate technical instructions for React development. No security vulnerabilities or malicious behaviors were identified across any of the analyzed files.
[PROMPT_INJECTION]: The instructions do not contain any patterns attempting to override agent behavior, bypass safety filters, or extract system prompts. The language is strictly instructional and domain-specific.
[DATA_EXFILTRATION]: No evidence of data collection or exfiltration was found. The skill does not access sensitive file paths (e.g., .ssh, .env) or perform network operations to external domains.
[REMOTE_CODE_EXECUTION]: There are no commands or patterns for downloading and executing remote scripts. The skill correctly identifies the rebranded 'motion' npm package as the standard dependency.
[CREDENTIALS_UNSAFE]: No hardcoded secrets, API keys, or tokens are present. The skill follows best practices by not including sensitive information.
[OBFUSCATION]: No obfuscated content, such as Base64-encoded commands, zero-width characters, or homoglyphs, was detected.
[DYNAMIC_EXECUTION]: The skill generates standard React code for user implementation and does not use dangerous dynamic execution patterns like eval() or exec().

kao-react-motion