The Agent Skills Directory

EXTERNAL_DOWNLOADS (LOW): The skill guides developers to install zmp-cli, zmp-ui, and zmp-sdk using npm. While these are legitimate packages for the Zalo platform, the Zalo organization is not included in the predefined trusted entity list, warranting a LOW severity review of the dependency chain.\n- COMMAND_EXECUTION (LOW): The documentation includes standard CLI commands for project scaffolding and deployment (zmp create, zmp deploy). These are expected behaviors for developer tools.\n- SAFE (SAFE): No instances of prompt injection, data exfiltration, persistence, or obfuscation were found in the analyzed documentation or code snippets.\n- INDIRECT_PROMPT_INJECTION (LOW): The skill documents several APIs that handle data from external or untrusted sources, creating a potential injection surface.\n
Ingestion points: getRouteParams (api-ui.md), OnDataCallback (api-overview.md), and getItem (api-storage.md) process external parameters or stored data.\n
Boundary markers: Absent; code snippets do not illustrate the use of delimiters or 'ignore' instructions for external data.\n
Capability inventory: Includes potentially sensitive operations such as openWebview (external network access), setItem (local storage writing), openChat (social interaction), and saveImageToGallery (media writing).\n
Sanitization: Examples do not demonstrate input validation or escaping for the ingested data.

zalo-mini-app