The Agent Skills Directory

[SAFE]: The skill serves as a reference guide for security best practices, providing educational examples of how to prevent common vulnerabilities like SQL injection, command injection, and path traversal.
[CREDENTIALS_UNSAFE]: The documentation includes dummy API key placeholders (e.g., 'sk-ant-1234567890abcdef') specifically to illustrate insecure practices that must be avoided. No actual credentials or secrets are exposed.
[EXTERNAL_DOWNLOADS]: Suggests the use of well-known security auditing tools like 'safety' and 'pip-audit' from official package registries to scan dependencies for vulnerabilities.
[COMMAND_EXECUTION]: Provides patterns for the secure execution of shell commands using subprocess modules with shell integration disabled, which is a standard security best practice.
[DATA_EXFILTRATION]: Contains logic and instructions focused on preventing data exposure, such as masking secrets in logs and using environment variables instead of hardcoding secrets.

security-patterns