The Agent Skills Directory

Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety guidelines. The content is strictly instructional and technical.
Data Exposure & Exfiltration (SAFE): The provided code snippets demonstrate standard frontend authentication patterns (using local storage for JWTs). No unauthorized data access or exfiltration to external domains was detected.
Obfuscation (SAFE): All files consist of plain text and standard code. No Base64, zero-width characters, or other obfuscation techniques were found.
Unverifiable Dependencies & Remote Code Execution (SAFE): No remote scripts are downloaded or executed. The validation script uses standard Python libraries and safe loading practices.
Privilege Escalation (SAFE): No commands involving elevated privileges (e.g., sudo, chmod) or system-level modifications were detected.
Dynamic Execution (SAFE): The scripts/validate.py script correctly uses yaml.safe_load() to prevent unsafe deserialization of configuration files.
Indirect Prompt Injection (SAFE): While the skill templates interact with external GraphQL APIs, this represents a standard operational surface for the described use case and does not introduce specific vulnerabilities within the skill's own logic.

graphql-apollo-client