The Agent Skills Directory

[Indirect Prompt Injection] (LOW): The skill is designed to ingest and display untrusted data from external sources (APIs/databases) through its data table components.
Ingestion points: The DataTable component in SKILL.md accepts a data prop of type TData[], and the getUsers function fetches data from /api/users.
Boundary markers: None present in the code snippets. The skill does not provide instructions to the LLM on how to handle potentially malicious instructions embedded within the table data.
Capability inventory: The skill includes UI-level capabilities such as clipboard access (navigator.clipboard.writeText) and navigation (router.push). It does not contain server-side execution or network exfiltration capabilities.
Sanitization: The implementation relies on standard React rendering (flexRender), which provides automatic XSS protection for text content but does not sanitize the logical content of the data against prompt injection if the output is later processed by an agent.
[Data Exposure] (SAFE): The network operation (fetch('/api/users')) is a standard pattern for web applications and does not target sensitive local files or unauthorized external domains.

table-builder