NYC

Backend Migration Standards

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill contains no instructions attempting to override agent behavior, bypass safety filters, or extract system prompts. It uses standard instructional language for development standards.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file access (e.g., SSH keys, AWS configs), or unauthorized network operations were identified. Recommendations for using anonymized data for testing are consistent with security best practices.
  • Obfuscation (SAFE): The content is clear and readable with no signs of Base64 encoding, zero-width characters, or homoglyph attacks.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not download or execute remote scripts. While it mentions common frameworks like Alembic and Sequelize, it does not attempt to install untrusted packages.
  • Privilege Escalation (SAFE): No commands involving sudo, chmod 777, or other privilege escalation techniques were found.
  • Indirect Prompt Injection (LOW): The skill defines a surface for processing external database migration files. However, it provides robust boundary markers, such as mandatory checklists and specific coding patterns, to mitigate risks associated with untrusted data ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:21 PM