The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions to bypass safety filters, override system prompts, or extract internal instructions were detected. The language is purely instructional and professional.
[Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file access, or network calls to external domains are present. The skill explicitly states that all references are local and no network access is required.
[Unverifiable Dependencies & Remote Code Execution] (SAFE): No package managers (npm, pip, etc.) are invoked, and no remote scripts are downloaded or executed. The grep commands provided are examples for navigating local documentation files.
[Obfuscation] (SAFE): No signs of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques were found in the skill text or metadata.
[Privilege Escalation] (SAFE): No commands involving sudo, chmod, or system-level configuration changes were detected.
[Indirect Prompt Injection] (LOW): While the skill is designed to process user-provided React/Next.js code (ingestion point), it serves as a set of guidelines and does not possess capabilities to execute that code or perform sensitive operations, minimizing the risk surface.

react-best-practices