The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use the carto CLI for essential tasks such as checking authentication status, listing connections, and generating scoped credentials. This is standard and necessary for the skill's stated purpose.
[EXTERNAL_DOWNLOADS]: The skill specifies the installation of industry-standard packages from the NPM registry and references official CartoDB and deck.gl GitHub repositories for code examples and scaffolds.
[DATA_EXPOSURE]: Guidance is provided for secure credential management, including the use of .env files and the generation of scoped public tokens. The documentation explicitly warns against embedding sensitive secrets, such as LLM API keys or M2M client secrets, in client-side application bundles.
[INDIRECT_PROMPT_INJECTION]: The 'agentic-variant' feature describes a runtime architecture for embedding AI chat capabilities. It identifies the user input surface and mitigates risk by requiring strict validation of tool calls through Zod schemas and a dedicated validation utility (validateToolParams) before any state changes are applied to the map.

carto-develop-app