The Agent Skills Directory

[Prompt Injection] (SAFE): No instructions found that attempt to override agent safety protocols or reveal system prompts.
[Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive local files or perform unauthorized network requests. It uses standard browser APIs (chrome.storage) for state management.
[Obfuscation] (SAFE): No Base64 encoding, zero-width characters, or other obfuscation techniques are present in the scripts or documentation.
[Unverifiable Dependencies] (SAFE): No external package managers (npm, pip) are invoked, and no remote scripts are downloaded or executed.
[Privilege Escalation] (SAFE): The skill focuses on browser extension permissions (Manifest V3) and does not attempt to gain system-level or administrative privileges.
[Indirect Prompt Injection] (SAFE): The provided templates include code for reading web page content (content scripts). While this identifies a potential attack surface for the extensions built using these templates, the skill itself does not process untrusted external data.
[Dynamic Execution] (SAFE): No use of eval(), exec(), or other dynamic code execution patterns. The innerHTML usage in the UI injection example is a static template, though it is noted as a common pattern requiring sanitization in production.

browser-extension-builder