image-optimization

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions were detected that attempt to override agent behavior, bypass safety filters, or extract system prompts.
  • Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were found in the code or documentation.
  • Obfuscation (SAFE): No malicious use of Base64, zero-width characters, or homoglyphs. Base64 is only mentioned in the context of standard image data URIs for placeholders.
  • Remote Code Execution (SAFE): No patterns for downloading and executing remote scripts (e.g., curl|bash) or dynamic code evaluation (eval/exec) were found.
  • Privilege Escalation & Persistence (SAFE): The skill does not contain any commands related to system-level permission changes or persistence mechanisms.
  • Indirect Prompt Injection (SAFE):
      • Ingestion points: The OptimizedImage and AvatarImage components process externally provided src, alt, and blurDataURL values.
      • Boundary markers: Rendering occurs via React's virtual DOM, which provides inherent protection against common injection vectors through proper escaping.
      • Capability inventory: The skill is limited to front-end rendering and does not possess capabilities for file writing, network exfiltration, or command execution.
      • Sanitization: The provided checklist documentation explicitly recommends SVG sanitization and setting dangerouslyAllowSVG: false in the production configuration.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:04 PM