build-chatgpt-app

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • Safe Scaffolding Logic: The included Node.js script (scaffold_node_ext_apps.mjs) is used for generating project files locally. It performs standard file system operations to create a project structure and does not contain any network-based exfiltration or sensitive file access.
  • Standard Dependency Management: The projects generated by the skill utilize well-known, versioned packages from the @modelcontextprotocol organization and standard development tools like tsx and typescript.
  • Security-Focused Guidance: The skill explicitly instructs users and the agent to implement Content Security Policies (CSP), define domain allowlists, and manage sensitive credentials outside of the source code (e.g., via environment variables).
  • Trusted External Integrations: References to external documentation and tools point to official OpenAI developer resources and well-known services, adhering to trusted vendor patterns.
  • Indirect Prompt Injection Surface: Like any skill that processes and renders external data, there is a theoretical surface for indirect prompt injection. However, the skill provides architectural patterns (decoupling data and render tools) and guidance to treat host-delivered data as untrusted, minimizing this risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 03:11 PM