forge
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious prompt injection or agent override patterns were detected. The skill instructions prioritize security review and state that security-sensitive features should never be delegated to AI scaffolding.
- [DATA_EXFILTRATION]: No data exfiltration patterns were found. The skill includes specific instructions to scan for hardcoded credentials and secrets in AI-generated output before committing code, and emphasizes that authentication checks must occur server-side.
- [EXTERNAL_DOWNLOADS]: The skill references industry-standard developer tools and libraries such as shadcn/ui, MSW (Mock Service Worker), json-server, and Expo for mobile prototyping. These are used in a standard development context.
- [COMMAND_EXECUTION]: The skill describes the use of standard CLI tools (e.g., npx shadcn add, npx create-expo-app) for project scaffolding, which is consistent with its primary purpose as a developer tool.
- [SAFE]: No obfuscation, persistence mechanisms, or privilege escalation attempts were identified. All provided code templates and examples use clear, idiomatic TypeScript and CSS.
- [INDIRECT_PROMPT_INJECTION]: The skill has a functional surface for indirect prompt injection as it ingests user requirements and AI-generated code to create prototypes. However, it implements strong boundary markers and mandatory validation steps, such as requiring human review during the 'COOL' phase and providing specific templates for sanitizing user prompts and escaping rendered output.
Audit Metadata