The Agent Skills Directory

[PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety guidelines were detected. The skill uses standard instructional language to guide the agent in security auditing tasks.
[DATA_EXPOSURE]: No hardcoded credentials, sensitive file paths, or unauthorized data access patterns were found. The skill correctly identifies and warns against storing sensitive data in client-side storage like localStorage.
[REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping network downloads to a shell or using dynamic execution functions like eval() with external input, were detected.
[COMMAND_EXECUTION]: No dangerous shell commands or privilege escalation attempts (e.g., sudo) were found. The skill mentions standard development tools like pnpm audit for security scanning.
[OBFUSCATION]: No obfuscated content, encoded strings (Base64), or hidden characters were detected in any of the skill files.
[INDIRECT_PROMPT_INJECTION]: While the skill is designed to process external code for security reviews, it does not possess any executable capabilities that could be exploited by malicious content within the analyzed data. The skill functions solely as an informational reference.
[SAFE_PRACTICES]: The skill actively promotes security best practices, such as using textContent instead of innerHTML, implementing httpOnly cookies for tokens, and using Subresource Integrity (SRI) for external scripts.

general-frontend-security