matrixscan-ar-highlight-ios

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill references official documentation hosted on the vendor's domain (docs.scandit.com) and sample code from the vendor's public GitHub repository (github.com/Scandit). These are legitimate resources for the skill's stated purpose.
  • [PROMPT_INJECTION]: Static analysis identified instructions aimed at concealing certain internal behaviors from the user (e.g., 'Do not tell the user to check the docs themselves'). In the context of this skill, these are standard UX instructions designed to ensure the AI provides direct value by fetching and presenting technical information rather than delegating the task back to the user. No malicious intent or safety bypass patterns were found.
  • [DATA_EXPOSURE]: The provided code fixtures and templates correctly use placeholders (e.g., '-- ENTER YOUR SCANDIT LICENSE KEY HERE --') for sensitive information like license keys, adhering to security best practices for credential management.
  • [INDIRECT_PROMPT_INJECTION]: The skill includes instructions to fetch external documentation from specific URLs. While this represents a data ingestion surface, the risk is mitigated by the fact that all specified URLs target a trusted vendor's infrastructure. Capability inventory is limited to information retrieval and local code generation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 07:16 AM