label-capture-rn

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses on technical documentation and code generation for the Scandit SDK. All referenced external resources, including documentation and code samples, belong to the verified vendor 'scandit'.
  • [PROMPT_INJECTION]: A static analysis flag for instruction concealment was determined to be a false positive. The instructions 'Do not tell the user to check the docs themselves' and 'Do not just show it in chat' are intended to ensure the agent is helpful and uses its file-writing capabilities as expected, rather than hiding its actions. The skill does possess an indirect prompt injection surface as it ingests untrusted code from user files and has file-writing capabilities; however, this is consistent with its primary purpose as a development aid.
      • Ingestion points: reads user screen files (e.g., empty-app.tsx).
      • Boundary markers: none specified in the skill content.
      • Capability inventory: performs file-write via platform tools.
      • Sanitization: none present.
  • [DATA_EXFILTRATION]: The skill demonstrates safe practices by using placeholders ('-- ENTER YOUR SCANDIT LICENSE KEY HERE --') for sensitive credentials and advising users to replace them before deployment. No patterns of unauthorized data collection or exfiltration to external domains were detected.
  • [REMOTE_CODE_EXECUTION]: Dependencies and installation instructions refer exclusively to official Scandit packages on the npm registry. No execution of untrusted remote scripts or use of unsafe dynamic execution methods was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 04:09 PM