NYC

frontend-react-router-best-practices

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): The skill consists of technical documentation for web development. No malicious behavior was identified.
  • [DATA_EXFILTRATION] (SAFE): Network calls described in loaders and actions are strictly for standard application data fetching. No unauthorized transmission of sensitive data was found.
  • [CREDENTIALS_UNSAFE] (SAFE): Code examples use placeholders and generic names; no real API keys or secrets are hardcoded.
  • [PROMPT_INJECTION] (SAFE): The content consists of development rules and does not contain instructions designed to bypass agent constraints.
  • [EXTERNAL_DOWNLOADS] (SAFE): Referenced Node.js packages (e.g., remix-utils, zod, react-router) are reputable and standard within the developer ecosystem.
  • [COMMAND_EXECUTION] (SAFE): There are no instances of shell execution, privilege escalation, or persistence mechanisms.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes ingestion of untrusted user input (URL params, Form data). Evidence:
      1. Ingestion points: rules/loader-url-validation.md and rules/action-validation.md.
      2. Boundary markers: Not explicitly required in prompt strings, but validation is enforced.
      3. Capability inventory: Limited to UI rendering and DB mutations through typed clients.
      4. Sanitization: Mandates Zod schema parsing and transforms for all external inputs, effectively mitigating injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:01 PM