eve-fullstack-app-design
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality architectural guidance focused on building secure applications. It explicitly details security patterns like Row-Level Security (RLS) for multi-tenant data isolation and the use of scoped service tokens.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No hardcoded credentials or sensitive data exposure patterns were found. All credential examples use placeholders (e.g., '...', 'KEY', or local development strings like 'postgresql://app:app@localhost:5432/myapp'). The skill instructs users to use platform-managed secret interpolation ('${secret.KEY}') and to gitignore local secret files ('.eve/dev-secrets.yaml').
- [COMMAND_EXECUTION]: Shell commands and Dockerfile instructions provided are standard for development, build, and deployment workflows. The Dockerfile examples follow security best practices by implementing non-root users ('USER node') and defining health checks.
- [EXTERNAL_DOWNLOADS]: The skill references standard external resources, including official Docker images ('node:22-slim', 'nginx:alpine') and platform-specific migration tools from Amazon ECR Public ('public.ecr.aws/w7c4v0w3/eve-horizon/migrate'). These resources are consistent with the skill's stated purpose and originate from well-known services.
- [PROMPT_INJECTION]: No attempts to override agent behavior or bypass safety filters were detected. The language is purely instructional and technical.
- [INDIRECT_PROMPT_INJECTION]: While the skill encourages building application CLIs that agents interact with (which presents an indirect injection surface if the application database contains malicious content), it mitigates this risk by recommending strict data isolation via RLS and machine-readable JSON outputs. This is a standard architectural risk for developer-focused agents and is handled appropriately.