extension-qr-code
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to fetch the jsQR library from the JSDelivr CDN. JSDelivr is a well-known and trusted service for hosting open-source software packages.
- [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external QR codes, which represents a potential surface for indirect prompt injection if the agent processes the results without isolation.
  - Ingestion points: Untrusted data enters the context via the qrResults.data field after a camera scan.
  - Boundary markers: The provided usage examples do not include delimiters or instructions to treat the scanned data as untrusted.
  - Capability inventory: The skill provides camera access for data capture and displays results in the UI.
  - Sanitization: No sanitization or validation of the decoded QR content is implemented in the provided component logic.
- [SAFE]: The software dependencies and referenced modules are identified as vendor resources belonging to caffeinelabs or are hosted on trusted well-known services. No persistence, obfuscation, or unauthorized access patterns were identified.