Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Mandates secure credential management by strictly prohibiting the hardcoding of SDK keys and requiring the use of environment variables and .gitignore for all secrets.
- [SAFE]: Implements structured blocking checkpoints (D7, D8) that require explicit user consent via a structured question tool before the agent can write secrets or modify existing project dependencies.
- [SAFE]: Protects sensitive information obtained via MCP tools (such as get-environments) by instructing the agent to avoid logging or echoing full secret values in the conversation history or logs.
- [SAFE]: Manages the risk of indirect prompt injection through a secure interaction model. Ingestion points: repository manifests (package.json, requirements.txt) and source code are analyzed to determine the integration path. Boundary markers: the workflow uses structured D7 and D8 blocking checkpoints for mandatory human-in-the-loop validation of all critical actions. Capability inventory: the skill uses file system writes, package manager commands, and specific MCP tool calls for configuration. Sanitization: includes explicit instructions for the agent to sanitize output and avoid echoing sensitive data in the chat interface.