learnbase-api

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill documents an attack surface for indirect prompt injection as it facilitates the ingestion of untrusted user content (reviews and discussion posts).
      • Ingestion points: User-generated content enters the system via POST /v1/storefront/reviews and POST /v1/storefront/discussions (documented in references/storefront.md).
      • Boundary markers: The system prompt and data boundaries are managed by the platform; the skill documentation mentions that discussions are AI-moderated.
      • Capability inventory: The provided client scripts and examples utilize standard fetch operations to communicate with the LearnBase API. There is no evidence of the skill performing subprocess execution or local file system writes based on untrusted data.
      • Sanitization: The documentation in 01-academy-anatomy.md explicitly states that for custom CSS, "script/import tags are stripped" by the platform. Examples using dangerouslySetInnerHTML in React are for rendering content that is described as being moderated and sanitized by the backend service.
  • [DATA_EXFILTRATION]: Network operations are restricted to communication with the official service domain (api.uselearnbase.com) or the user's local development server. There is no evidence of data being sent to unauthorized third-party domains.
  • [CREDENTIALS_UNSAFE]: The skill uses clear placeholders (e.g., lb_replace_me, whsec_replace_me) for sensitive information in environment variable templates. It correctly instructs users to manage secrets using .env files and to keep administrative keys server-side only.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 12:23 AM