react-flow-node-ts

The skill consists of a main markdown file (SKILL.md) providing instructions and two template files (assets/template.tsx, assets/types.template.ts) for generating React Flow components, along with an acceptance criteria document (references/acceptance-criteria.md).

1. Prompt Injection: No patterns indicative of prompt injection were found in any of the files. The instructions are clear and focused on code generation.
2. Data Exfiltration: There are no commands or code snippets that attempt to read sensitive files, access credentials, or make unauthorized network requests.
3. Obfuscation: No obfuscation techniques (Base64, zero-width characters, homoglyphs, URL/hex/HTML encoding) were detected in any of the files.
4. Unverifiable Dependencies: The skill itself does not install or execute any external dependencies. It provides templates that reference common frontend libraries like @xyflow/react, react, and zustand, which would be part of the user's own project setup. This is not an unverifiable dependency for the skill's execution by the agent.
5. Privilege Escalation: No commands like sudo, chmod, or other system-modifying operations are present.
6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, creating cron jobs) were found.
7. Metadata Poisoning: The name and description fields in SKILL.md are benign and accurately reflect the skill's purpose.
8. Indirect Prompt Injection: This threat category is not applicable as the skill does not process external, untrusted user input.
9. Time-Delayed / Conditional Attacks: No conditional logic designed to trigger malicious behavior based on time, usage, or environment was identified.

All files are purely descriptive or templating in nature, intended for the AI to generate code based on them, rather than for the AI to execute any code itself. Therefore, the skill is deemed safe.