The Agent Skills Directory

[SAFE]: The skill implements strong security defaults. It explicitly prohibits the exposure of deployment tokens, environment secrets, and credentials. It mandates that the agent must never ask users for secrets, tokens, cookies, or auth headers.
[SAFE]: The skill uses a limited set of tools (Read, Grep, Glob) focused on information gathering and code inspection. It does not include tools for remote code execution, network exfiltration, or destructive file system modifications.
[SAFE]: Indirect Prompt Injection risk is minimal and well-mitigated. While the skill ingests untrusted data (user snippets and repository code), the instructions include clear boundaries, such as requesting redacted URLs/snippets and providing verification checklists for the user to execute manually rather than the agent performing automated changes.

cms-live-preview-visual-builder-support-assistant