The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill's metadata includes an installation command that fetches the core instruction file from a GitHub repository. This is a standard delivery mechanism for AI skills and targets a well-known, trusted service.
[REMOTE_CODE_EXECUTION]: While the skill references external utility scripts for token calculation and stream parsing, these are presented as tools for the developer rather than automated runtime execution of untrusted code. The libraries used (e.g., Vercel AI SDK) are standard in the industry.
[DATA_EXFILTRATION]: Analysis of the component code and instructions found no evidence of credential harvesting, access to sensitive local files, or unauthorized data transmission to external domains.
[PROMPT_INJECTION]: The instructions focus entirely on UI patterns and do not contain directives aimed at bypassing safety filters or overriding the agent's system prompt.
[SAFE]: The skill explicitly incorporates security best practices by including a section on sanitizing AI-generated content with DOMPurify, which protects the resulting application from Cross-Site Scripting (XSS) attacks.

building-ai-chat