The Agent Skills Directory

[SAFE]: No malicious patterns or security risks were detected. The skill is designed to educate users on implementing security measures within LangChain applications.
[CREDENTIALS_UNSAFE]: The skill provides defensive guidance against hardcoding credentials. It illustrates the danger of hardcoded API keys and provides safe alternatives using environment variables (python-dotenv) and Cloud Secrets Managers (Google Cloud Secret Manager).
[PROMPT_INJECTION]: The skill includes code snippets for preventing prompt injection attacks. It demonstrates input sanitization using regular expressions to redact common injection payloads and recommends using structured message templates to isolate user input from system instructions.
[COMMAND_EXECUTION]: The skill demonstrates safe command execution practices. It provides a safe_shell tool example that uses a strict whitelist of allowed commands (ls, cat, etc.) and utilizes shlex.split and subprocess.run with a timeout and restricted working directory to mitigate risks.
[DATA_EXFILTRATION]: The skill provides an example of output validation using Pydantic models to ensure that LLM responses do not inadvertently contain sensitive patterns like API keys or Social Security Numbers.

langchain-security-basics