google-play-store-review

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions designed to override agent behavior, bypass safety guardrails, or extract system prompts were detected. The use of terms like 'CRITICAL' or 'IMPORTANT' is limited to Play Store policy context.
  • Data Exposure & Exfiltration (SAFE): The skill does not attempt to access sensitive local files or hardcoded credentials. All identifiers in code examples are non-sensitive placeholders (e.g., 'ca-app-pub-xxxxxxxxxxxxxxxx~yyyyyyyyyy').
  • Indirect Prompt Injection (SAFE): The skill is designed to analyze app manifests, SDK lists, and store metadata. While this represents a data ingestion surface, the risk is mitigated as the skill performs informational analysis rather than executing untrusted data, and it lacks dangerous write or network capabilities.
  • Command Execution (SAFE): Includes shell commands (gradlew, aapt, grep, curl) as part of a developer's manual pre-submission checklist. These commands are standard for Android development and do not involve automated execution of untrusted remote scripts.
  • External Downloads (SAFE): The curl command is used solely as a HEAD request (-I) to verify the accessibility of a privacy policy URL, which is a required step for Play Store compliance and does not involve downloading executable code.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 07:47 PM