The Agent Skills Directory

[SAFE]: Extensive analysis across all threat categories found no evidence of malicious behavior.
[SAFE]: The skill uses industry-standard package managers (NPM, PyPI, Pub) to install well-known libraries from trusted ecosystems.
[SAFE]: Shell commands provided for project scaffolding and setup (such as npx init, npm install, and pip install) are standard for the described development workflows and target official registries.
[SAFE]: Environment variable handling is documented using best practices, suggesting the use of .env files and placeholders for sensitive configuration like database URLs and API keys without hardcoding any credentials.
[PROMPT_INJECTION]: The skill's primary function is to transform natural language user requests into structured project plans and code. While this constitutes a surface for indirect prompt injection, the orchestrator includes logical safeguards.
Ingestion points: User-provided requirements in SKILL.md and project-detection.md are used to drive the scaffolding process.
Boundary markers: The agent coordination logic defines mandatory checkpoints, specifically requiring the creation and verification of a PLAN.md file before any code generation or specialist agent activity begins.
Capability inventory: The skill utilizes standard file system and shell execution tools to create project structures and install dependencies.
Sanitization: The skill provides structural guidance for building features, though it does not explicitly define sanitization routines for the input request strings themselves.

app-builder