The Agent Skills Directory

Security Validation Script: The skill includes a dedicated Node.js validator (validate-ai-webapi.js) that automatically scans the project for required security headers, such as __RequestVerificationToken (CSRF) and OData versioning. This ensures the generated integration adheres to Power Platform security requirements before deployment.
Safe UI Rendering Patterns: Detailed documentation and code snippets are provided for React, Vue, Angular, and Astro to ensure AI-generated summaries are rendered safely. The skill explicitly warns against the use of dangerous properties like innerHTML or v-html, providing custom component logic to handle text and markdown tokens safely.
Least Privilege Access: The skill follows a layered architecture, delegating data access and permission configuration to specialized sub-skills in a read-only mode. This ensures the AI integration has the minimum permissions necessary to function without granting unnecessary write access to the underlying database.
Credential Management: The implementation correctly utilizes existing portal session authentication and CSRF tokens instead of requiring hardcoded API keys or bearer tokens, which aligns with standard security best practices for the Power Platform.

add-ai-webapi