velt-self-hosting-data-best-practices

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious override instructions, bypass attempts, or system prompt extraction patterns were found. The instructions are strictly technical and architectural.
  • [DATA_EXFILTRATION]: No unauthorized data collection or exfiltration behaviors were detected. Network operations are limited to the intended functionality of communicating with self-hosted API routes and the official Velt infrastructure.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials were discovered. The skill uses clear placeholders (e.g., YOUR_API_KEY, AKIA...) and emphasizes the use of environment variables for securing sensitive configuration like database connection strings and AWS keys.
  • [EXTERNAL_DOWNLOADS]: Dependencies are restricted to official Velt packages (@veltdev/react, velt-py) from standard public registries. No unverified remote script executions (e.g., curl | bash) are present.
  • [COMMAND_EXECUTION]: Shell commands included in the documentation are standard installation and development tasks (npm install, pip install). Database operations utilize parameterized queries or official SDK methods, adhering to secure coding standards.
  • [SAFE]: The skill promotes several security best practices, including the use of fieldsToRemove to strip PII from data before it reaches Velt servers and the implementation of idempotent upsert operations to handle retries safely.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 09:03 PM