The Agent Skills Directory

Prompt Injection (SAFE): No instructions found that attempt to override agent behavior or bypass safety guidelines.
Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill explicitly mandates the use of vaults/KMS for secrets and redaction of PII.
Obfuscation (SAFE): No encoded or hidden content, such as Base64, zero-width characters, or homoglyphs, was found.
Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard industry frameworks (Fastify, NestJS, Zod) as recommendations but does not perform any remote script execution or automated package installation.
Privilege Escalation (SAFE): No commands related to acquiring elevated permissions (e.g., sudo, chmod) were identified.
Persistence Mechanisms (SAFE): No attempts to maintain access across sessions or modify system startup files were detected.
Metadata Poisoning (SAFE): The skill's metadata is consistent with its stated purpose and contains no malicious instructions.
Indirect Prompt Injection (SAFE): The skill provides principles for the agent's internal reasoning and does not establish an automated ingestion point for untrusted external data within its own logic.
Time-Delayed / Conditional Attacks (SAFE): No logic gating malicious behavior based on time or environment conditions was found.
Dynamic Execution (SAFE): No use of dynamic execution patterns like eval(), exec(), or runtime compilation was detected.

backend-principle-eng-javascript-pro-max