The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill documentation includes hardcoded API credentials within its code examples. A Movie Database (TMDB) API key (f48bcc9ed9cbce41f6c28ea181b67e14) is embedded in files such as references/docs/inputs/autocomplete.md and references/docs/inputs/taglist.md. Additionally, a FormKit Pro project key (fk-52971f34220) is hardcoded in references/docs/plugins/auto-animate.react.md.
[EXTERNAL_DOWNLOADS]: Numerous documentation examples include network requests to external domains. These include api.themoviedb.org for fetching movie data, httpbin.org for testing file uploads, and cdn.jsdelivr.net for loading CSS and SVG icons. While these are well-known services used for demonstration, they represent dependencies on external infrastructure.
[PROMPT_INJECTION]: Static detectors flagged instructions related to concealing actions from users in references/docs/plugins/multi-step.md and references/docs/plugins/multi-step.react.md. Upon manual review, these sections describe user experience patterns intended to make complex forms feel less overwhelming by breaking them into steps, rather than instructions to the AI to hide its internal logic or bypass safety guardrails. This is a false positive based on the context of form design advice.

formkit-core-skilld