skills/blink-new/claude/team-saas/Gen Agent Trust Hub

team-saas

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust authentication architecture using NextAuth v5. Route protection is enforced through server-side session checks in React Server Components (assets/components/dashboard-layout.tsx), which is a secure pattern for preventing unauthorized access to sensitive dashboard pages.
  • [SAFE]: API routes include consistent multi-tenant authorization checks via helper functions (requireTeamMember, requireTeamAdmin) in assets/lib/api-helpers.ts. This ensures that users are restricted to data within their authorized team workspace.
  • [SAFE]: All API inputs are strictly validated using the Zod library before processing. This mitigates common risks associated with malformed data or injection attacks by ensuring that all incoming requests conform to expected schemas.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script automates the installation of well-known, industry-standard dependencies from public registries (NPM/Bun) and utilizes the official shadcn/ui CLI. These are standard development workflows for modern web projects and do not involve the execution of untrusted remote scripts.
  • [SAFE]: Essential security headers, including X-Frame-Options, X-Content-Type-Options, and Referrer-Policy, are explicitly configured in assets/config/proxy.ts to provide defense-in-depth against common web vulnerabilities like clickjacking.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 8, 2026, 05:02 PM