The Agent Skills Directory

Prompt Injection (SAFE): No instructions found that attempt to bypass safety filters or override agent behavior. The guidelines provided in SKILL.md are purely task-oriented documentation content.- Data Exposure & Exfiltration (SAFE): No hardcoded sensitive credentials or unauthorized network exfiltration was found. URLs in code examples use placeholders like example.com or point to official DCloud domains. Usage of location and file access APIs is consistent with the skill's purpose of providing development integration guidance.- Obfuscation (SAFE): No malicious obfuscation detected. A placeholder JWT string in the storage example contains standard Base64 encoding for educational purposes. Character encoding artifacts in some comments appear to be accidental source documentation issues and are benign.- Unverifiable Dependencies & RCE (SAFE): No unauthorized package installations or remote command execution patterns found. External script references provided in the web-view documentation point to trusted official SDK providers such as Tencent, WeChat, and Baidu.- Indirect Prompt Injection (LOW): As a library of code templates, the skill provides examples for ingesting external data (e.g., via uni.request, web-view, and rich-text). While these templates do not explicitly include sanitization logic, this is common for developer documentation and represents a standard integration surface rather than a direct threat from the skill code itself.- Persistence & Privilege Escalation (SAFE): No persistence mechanisms (such as shell profile modifications) or unauthorized permission requests (such as sudo or Windows registry changes) were identified.

uniapp-project