sota-api-design

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE (NO_CODE)

Full Analysis
  • [PROMPT_INJECTION]: No attempts to override agent safety guidelines or bypass behavioral constraints were detected. The instructions are focused on providing a structured framework for API design and auditing.
  • [DATA_EXFILTRATION]: No commands or instructions for accessing sensitive files or exfiltrating data to external domains were found. The skill emphasizes protecting sensitive data through practices like HMAC signing and avoiding credentials in query strings.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or passwords are present. The skill provides correct guidance on managing secrets using hashing and secret managers.
  • [OBFUSCATION]: No obfuscated content, such as multi-layer Base64, zero-width characters, or homoglyphs, was detected. Examples of Base64-encoded pagination cursors and HMAC signatures are used strictly for illustrative purposes.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code downloads or execution. It mentions standard development tools (e.g., oasdiff, buf) as recommendations for a CI/CD pipeline, but does not execute them.
  • [COMMAND_EXECUTION]: No shell command execution or system-level calls are present in the skill files.
  • [DYNAMIC_CONTEXT_SERVICE]: No dynamic context injection using the '!command' syntax was found in the SKILL.md file.
  • [INDIRECT_PROMPT_INJECTION]: While the skill is designed to audit external API specifications and code, it explicitly instructs the agent to 'verify in code' and 'don't trust docs or comments,' which serves as a defensive measure against deceptive input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 02:06 PM
Security Audit — agent-trust-hub — sota-api-design