The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions were found that attempt to bypass safety filters, override agent behavior, or extract system prompts.
[Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or exfiltration patterns were detected. The example fetch call uses a placeholder domain.
[Remote Code Execution] (SAFE): The skill does not contain commands to download or execute remote scripts. While Bash is an allowed tool, the skill body contains no executable shell commands.
[Indirect Prompt Injection] (LOW): The skill demonstrates a pattern for ingesting untrusted data from URL pathnames. Evidence: 1. Ingestion points: 'params' prop in 'app/[id]/page.tsx'. 2. Boundary markers: Absent (standard for simple code examples). 3. Capability inventory: 'fetch' operations in the code and 'allowed-tools' including Read/Write/Bash for the agent. 4. Sanitization: Absent in the provided template. This represents a standard surface where malicious input could influence downstream logic.
[Obfuscation] (SAFE): No Base64, zero-width characters, or other obfuscation techniques were identified.

nextjs-pathname-id-fetch