react-dev-orchestration

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains no instructions designed to bypass safety filters or override agent behavior. The 'Key Rules' and 'Convention Loading' sections are focused purely on software engineering standards and directory organization.
  • [DATA_EXFILTRATION]: There are no hardcoded credentials or unauthorized network calls. The skill explicitly defines security boundaries for environment variables, distinguishing between client-exposed variables (VITE_ prefix) and server-side secrets (JWT_SECRET, DATABASE_URL), and mandates the use of safe storage wrappers to prevent data leaks or crashes in private browsing modes.
  • [EXTERNAL_DOWNLOADS]: All external libraries mentioned (e.g., React, TanStack Query, Zustand) are well-known, industry-standard packages from trusted registries (NPM). No downloads from untrusted or suspicious sources are present.
  • [REMOTE_CODE_EXECUTION]: The skill provides templates for local code generation only. It does not facilitate the execution of remote scripts or dynamically fetched code.
  • [COMMAND_EXECUTION]: System commands are limited to standard development tools (pnpm, sirv-cli) used for building and serving the application. No privileged or high-risk command execution patterns were found.
  • [DATA_EXPOSURE]: The conventions include proactive measures to prevent data exposure, such as rules against copying server state into client-side stores and guidelines for semantic HTML and accessibility.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:40 AM