The Agent Skills Directory

[SAFE]: The skill provides documentation on API styles (REST, GraphQL, tRPC), authentication, and security testing principles based on OWASP API Top 10. All information is educational and contains no malicious instructions.
[SAFE]: The script scripts/api_validator.py performs static analysis on local project files to validate API design best practices. It uses standard Python libraries (pathlib, re, json) and does not perform network operations, subprocess execution, or unsafe dynamic code evaluation.
[SAFE]: No evidence of data exfiltration or credential exposure was found. There are no hardcoded secrets or access to sensitive local file paths.
[SAFE]: Indirect Prompt Injection Surface: The api_validator.py script reads user project files, creating an ingestion point for untrusted data. However, the script is a dedicated auditing tool and its output consists of static reports on regex matches, which is a low-risk pattern. Ingestion points: scripts/api_validator.py reading files via Path.read_text. Boundary markers: None. Capability inventory: Read, Write, Edit, Glob, Grep. Sanitization: None.

api-patterns