The Agent Skills Directory

SAFE (SAFE): No security issues were detected. The skill is limited to providing documentation and configuration examples for a UI framework.\n- EXTERNAL_DOWNLOADS (SAFE): References to crates.io are used for standard package information and do not involve unauthorized or suspicious downloads.\n- PROMPT_INJECTION (SAFE): No attempts to bypass safety filters or override agent behavior were found. The use of 'CRITICAL' in the metadata is a routing instruction for the agent and does not constitute a malicious override.\n- DATA_EXFILTRATION (SAFE): No sensitive file access or network exfiltration patterns were identified.\n- INDIRECT PROMPT INJECTION (LOW): The skill documentation describes widgets like TextFlow and Link that ingest text and URLs. While this creates a surface for indirect injection if populated with untrusted data, the skill itself is purely informational.\n
Ingestion points: text and href properties in SKILL.md and references/font-system.md.\n
Boundary markers: Absent.\n
Capability inventory: UI rendering and potential link navigation.\n
Sanitization: Not addressed in documentation.

makepad-font