kotlin-ktor-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates secure configuration practices by using environment variables (${JWT_SECRET}, ${DATABASE_URL}) instead of hardcoding sensitive credentials in the application.yaml file.
  • [SAFE]: Implements structured error handling via the StatusPages plugin, which correctly handles exceptions and prevents leaking internal stack traces to the client.
  • [SAFE]: Includes explicit request validation logic to verify incoming data (e.g., email format and string lengths) before processing, which is a key security best practice.
  • [SAFE]: The CORS configuration follows the principle of least privilege by explicitly listing allowed hosts (localhost:3000, example.com) and HTTP methods rather than using permissive wildcards.
  • [SAFE]: Authentication is correctly implemented using JWT with a verifier that checks both issuer and audience, preventing common token validation bypasses.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 07:57 AM