The Agent Skills Directory

Indirect Prompt Injection (LOW): The JavaScript code example demonstrates a potential XSS vulnerability surface by assigning an unsanitized attribute value directly to innerHTML.\n- Ingestion points: this.getAttribute('name') in the HelloWorld class in SKILL.md.\n- Boundary markers: Absent.\n- Capability inventory: Client-side DOM manipulation via innerHTML.\n- Sanitization: Absent. Use textContent or innerText to mitigate this risk.\n- Data Exposure & Exfiltration (SAFE): No hardcoded secrets, sensitive file paths, or unauthorized data access patterns were detected.\n- External Downloads (SAFE): References to external sites (MDN, GitHub, pub.dev) are purely educational and point to trusted domains.

how-to-create-html-web-components-with-dart