skills/steve-cooks/skills/whop-dev/Gen Agent Trust Hub

whop-dev

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to install several companion skills from GitHub using npx skills add. While the sources from anthropics, vercel-labs, and supabase are considered trusted, the use of remote execution for agent extensions carries inherent risks.
  • REMOTE_CODE_EXECUTION (MEDIUM): Project scaffolding is performed using pnpm create next-app with a remote repository template from github.com/whopio/whop-nextjs-app-template. This repository belongs to an organization not explicitly included in the trusted list.
  • COMMAND_EXECUTION (LOW): The skill utilizes standard development tools including pnpm, npx, and git for project initialization and dependency management.
  • DATA_EXFILTRATION (SAFE): The skill correctly identifies and handles sensitive credentials such as WHOP_API_KEY and SUPABASE_SERVICE_ROLE_KEY. It provides explicit warnings and best practices to ensure these secrets are stored in server-side environment variables and never exposed to client-side code.
  • PROMPT_INJECTION (SAFE): No malicious role-play, bypass, or override markers were detected. The instructions regarding user priority in design principles are standard for developer assistant tools.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:18 PM