shadcn
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions were found that attempt to override agent behavior, bypass safety filters, or extract system prompts. The content is strictly educational.
- Data Exposure & Exfiltration (SAFE): There are no hardcoded credentials, sensitive file path accesses, or suspicious network operations. API call examples in the code snippets target local relative paths (e.g., /api/check-username).
- Obfuscation (SAFE): All content is provided in clear text. No Base64, zero-width characters, or homoglyph attacks were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard, well-known industry packages (e.g., @tanstack/react-table, zod, react-hook-form). CLI usage examples involve shadcn@latest, which is the official tool for the library described. No suspicious remote script execution (curl|bash) was found.
- Privilege Escalation & Persistence (SAFE): No commands related to sudo, privilege escalation, or shell persistence (like modifying .bashrc) were found.
- Indirect Prompt Injection (SAFE): While the skill provides data for an agent to process, it is a static knowledge base and does not provide an attack surface for ingesting untrusted external data into the agent's control flow.
- Dynamic Execution (SAFE): No use of eval(), exec(), or unsafe deserialization (like pickle) was found in the code examples.
Audit Metadata