The Agent Skills Directory

Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters, override system prompts, or extract confidential agent data. All instructions are strictly focused on technical code review and optimization.- Data Exposure & Exfiltration (SAFE): The skill does not access sensitive files or perform network operations. Examples involving localStorage and cookies are standard frontend development patterns used only for performance advice.- Obfuscation (SAFE): No use of Base64, zero-width characters, or other encoding techniques to hide malicious code or instructions.- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill contains no executable dependencies or scripts. It does not download or execute remote code.- Privilege Escalation (SAFE): No use of sudo, administrative commands, or attempts to modify system permissions or configurations.- Persistence Mechanisms (SAFE): No attempts to modify startup scripts, shell profiles, or scheduled tasks.- Metadata Poisoning (SAFE): Skill metadata (name, description) accurately represents the content and does not contain hidden instructions.- Indirect Prompt Injection (SAFE): Although the skill is intended for code review, it provides only passive instructions and does not include tools or scripts for ingesting untrusted data.- Time-Delayed / Conditional Attacks (SAFE): No conditional logic exists to gate behavior based on external triggers like time or environment.- Dynamic Execution (SAFE): No use of eval(), exec(), or runtime code generation techniques.

frontend-js-best-practices