The Agent Skills Directory

Prompt Injection (SAFE): No malicious instructions to bypass safety filters or override system prompts were detected. The directive 'MUST be used for Webman framework projects' in the description serves as a contextual constraint for applying the best practices and does not represent a jailbreak or safety override.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or network operations are present. The examples provided are generic architectural patterns.
Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were found in the markdown content or code examples.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any package installations or remote script executions. It references standard tools like PHPStan and Composer for development purposes but does not trigger their installation.
Command Execution (SAFE): While the documentation provides shell command snippets (e.g., using find and grep for directory linting), these are informational and intended for manual use by a developer to verify project structure. No automated command execution is triggered by the skill itself.
Privilege Escalation & Persistence (SAFE): No commands related to sudo, service installation, or persistence (like crontabs or startup scripts) are present.
Indirect Prompt Injection (SAFE): Although the skill processes 'Webman projects' as context, its instructions are purely defensive and focus on hardening (e.g., implementing strict types and immutability), which actually reduces the attack surface of the code being written.

webman-best-practices