The Agent Skills Directory

Prompt Injection (SAFE): No instructions found that attempt to bypass safety guidelines or override agent behavior.- Data Exposure & Exfiltration (SAFE): The code snippets handle device tokens and notification payloads according to standard protocols. No hardcoded credentials or unauthorized file system access were detected.- Obfuscation (SAFE): No Base64, zero-width characters, or other encoding techniques intended to hide malicious content were found.- Unverifiable Dependencies (SAFE): The code references established and reputable libraries, specifically @react-native-firebase/messaging.- Indirect Prompt Injection (SAFE): A potential ingestion surface for untrusted data exists in the message handlers. 1. Ingestion points: onMessage and onMessageReceived handlers in SKILL.md. 2. Boundary markers: None. 3. Capability inventory: The skill only provides functionality for logging and displaying local notifications; it lacks capabilities for arbitrary command execution or external data exfiltration using the message content. 4. Sanitization: None. Despite the lack of sanitization, the risk is negligible due to the absence of exploitable capabilities.- Remote Code Execution (SAFE): No dynamic execution or downloading of remote scripts was identified.

push-notification-setup