security
Android Security
Rule 1: Never store secrets in source code or BuildConfig
// ❌ Never — committed to git, visible in APK
// A literal key stays in git history even after the line is deleted, so a key that
// was ever committed should be rotated, not just removed from the source.
// Kotlin source: the constant is compiled into the app code shipped in the APK.
const val API_KEY = "sk-1234567890abcdef"
// build.gradle.kts: the literal is written into the generated BuildConfig class,
// which is also compiled into the APK.
buildConfigField("String", "API_KEY", "\"sk-1234567890abcdef\"")
// ✅ Use local.properties (gitignored) + build script injection
// NOTE(review): this keeps the key out of version control only. buildConfigField still
// writes the value into the generated BuildConfig class, so the key ships inside the
// APK exactly as in the hard-coded examples, which the rule's title forbids. Use this
// pattern only for keys that are acceptable to expose in the client (for example,
// keys restricted on the provider side); keep real secrets on a server you control
// and have the app call that server instead.
// local.properties (never commit this file)
// API_KEY=sk-1234567890abcdef
// build.gradle.kts
// Reads API_KEY from local.properties and falls back to "" when the property is absent,
// so a checkout without the key builds with an empty key instead of failing.
// Consider failing release builds when the value is blank so the gap is noticed.
val apiKey = gradleLocalProperties(rootDir, providers).getProperty("API_KEY") ?: ""
// The value is interpolated unescaped into a Java string literal; a key containing a
// double quote or backslash would break the generated BuildConfig source.
buildConfigField("String", "API_KEY", "\"$apiKey\"")