sap-rap-dev
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill incorporates a dedicated 'Untrusted-content discipline' section which provides clear instructions to treat all external inputs—including user messages, workspace files, and fetched web content—as data rather than instructions. This effectively mitigates risks from both direct and indirect prompt injection by ensuring the agent does not execute embedded directives or rescope itself based on untrusted content.
- [DATA_EXFILTRATION]: Explicit guidelines are provided to prevent the echoing of sensitive information, such as API keys, bearer tokens, or private keys (PEM blocks), back into the output. This protects against accidental credential exposure or targeted exfiltration attempts.
- [EXTERNAL_DOWNLOADS]: The skill references external resources exclusively from trusted and well-known domains, including the official SAP Help Portal (help.sap.com), SAP Development Tools (tools.hana.ondemand.com), and the official SAP samples repository on GitHub. These sources are considered safe and standard for the documented development workflows.
- [COMMAND_EXECUTION]: No dangerous command execution patterns, such as shell script execution or unrestricted system calls, were detected. The skill focuses on generating declarative CDS and ABAP code within the context of the SAP RAP framework.
- [SAFE]: The skill maintains a narrow and well-defined technical scope. It proactively includes security checklists for developers, such as guidance on MIME type whitelisting and content-disposition settings for file handling, demonstrating a high level of security awareness.
Audit Metadata