phaser-saveload
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides educational code snippets and architectural guidance for implementing save/load systems in web games. It uses standard browser APIs (localStorage, IndexedDB) for persistence.
- [OBFUSCATION]: The inclusion of base64-based obfuscation (btoa/atob) in the ObfuscatedSaveManager is explicitly documented as a common game development practice to prevent casual user tampering with save files, rather than an attempt to hide malicious intent within the skill instructions.
- [DATA_EXFILTRATION]: While the skill outlines a cloud save architecture using POST /api/save, it does so conceptually and does not include hardcoded credentials or actual data exfiltration logic. It correctly suggests using session tokens for authentication.
- [INDIRECT_PROMPT_INJECTION]: The skill demonstrates reading data from localStorage, which is technically an untrusted source controllable by the user. This represents an architectural surface area inherent to the task.
  1. Ingestion points: localStorage.getItem() calls in SKILL.md and references/save-patterns.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Data is parsed and used to populate game registries, settings, and metadata.
  4. Sanitization: Absent, relying on JSON.parse for structure validation.