oma-backend
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill prioritizes security by design, requiring the agent to implement JWT authentication, bcrypt password hashing, and parameterized queries to prevent SQL injection. It further mandates input validation and rate limiting for sensitive endpoints.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes user-provided project manifests (e.g., package.json, pyproject.toml) and existing codebases to provide context for its development tasks. While it lacks explicit boundary markers to delimit untrusted code from agent instructions, this is an inherent and expected risk for a coding assistant and is treated as safe in this context.
- [COMMAND_EXECUTION]: The agent is authorized to perform local command execution for essential development tasks, including running unit/integration tests and database migrations. These operations are conducted following a structured execution protocol and error-handling playbook, which minimizes the risk of unintended command side effects.
Audit Metadata