The Agent Skills Directory

[SAFE] (SAFE): The skill contains no malicious code or high-risk behavior. All components and scripts are designed for legitimate development purposes.
[EXTERNAL_DOWNLOADS] (SAFE): Dependencies in package.json such as next, react, and typescript are standard, well-known libraries from the NPM registry.
[COMMAND_EXECUTION] (SAFE): The scripts/check-versions.sh script performs environment checks using standard commands like node and find to verify dependency versions. It does not execute arbitrary or remote code.
[DATA_EXFILTRATION] (SAFE): Network requests (fetch) in templates target an example domain (api.example.com) for demonstration. No exfiltration of sensitive local data or hardcoded credentials was found.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill features a surface for indirect injection. 1. Ingestion points: fetch calls in templates/app-router-async-params.tsx and templates/cache-component-use-cache.tsx. 2. Boundary markers: Absent. 3. Capability inventory: No high-risk capabilities (subprocess calls, exec, or eval) were detected across any scripts. 4. Sanitization: Absent; content is rendered using dangerouslySetInnerHTML. Risk is localized to the UI rendering context.

nextjs