The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill documents dangerous coding patterns such as eval(), exec(), and insecure pickle usage. These are presented as "BAD" examples in the references/security-baseline.md and references/anti-patterns.md files to instruct the agent on what practices to avoid to prevent remote code execution vulnerabilities.\n- [COMMAND_EXECUTION]: The skill provides clear instructions on the risks of subprocess with shell=True and demonstrates the safe alternative of using argument lists and input validation. This is a defensive measure against command injection.\n- [CREDENTIALS_UNSAFE]: Guidelines are provided for secret management, specifically forbidding hardcoded secrets and recommending the use of pydantic-settings with environment variables. It also describes patterns for redacting sensitive information from logs.\n- [SAFE]: The skill recommends standard, industry-accepted tools and libraries and suggests integrating security scanning tools like pip-audit into the CI/CD pipeline.

python-modern-standards