erpnext-errors-api

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE (NO_CODE)
Full Analysis
  • [NO_CODE]: The skill consists entirely of Markdown-based documentation and code examples. It does not include any executable script files or binaries.
  • [SAFE]: The provided documentation is focused on security education and best practices. It correctly guides developers on how to use framework features to build secure integrations.
  • [CREDENTIALS_UNSAFE]: The skill explicitly warns against hardcoding API keys and demonstrates the correct use of encrypted password fields within the Frappe framework to manage sensitive credentials.
  • [DATA_EXFILTRATION]: Documentation for external API calls using the requests library includes recommendations for timeouts and secure error logging, so that internal system details are not leaked to external callers.
  • [PROMPT_INJECTION]: The skill identifies and provides mitigation strategies for handling untrusted data from API and webhook sources:
    1. Ingestion points: Identified in whitelisted API methods and webhook handlers.
    2. Boundary markers: The use of specific exception types like frappe.ValidationError is documented to ensure controlled error propagation.
    3. Capability inventory: Database and network operations are documented with the requirement for prior validation and permission checks.
    4. Sanitization: Detailed instructions are provided for input validation, type enforcement, and leveraging the framework's permission system.
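The findings above describe one pattern: validate and type-enforce untrusted input, check permissions before any database or network work, fetch credentials from an encrypted field rather than a literal, call out with a timeout, and on failure log the full detail server-side while raising a controlled exception whose message carries nothing internal. The block below is an added example of that pattern; it is not code from the erpnext-errors-api skill or from Frappe. So that it runs without a Frappe site, the permission check, the encrypted-password lookup, the HTTP call and the error logger are injected callables standing in for frappe.has_permission, Document.get_password, requests.post and frappe.log_error; the doctype name, the invoice naming pattern, the gateway URL and the secret value are constructed for the example.

```python
"""Hardened external-call handler in the style the audited skill documents.

Added example, not code from the erpnext-errors-api skill or from Frappe.
Frappe is not imported; the framework pieces are injected callables (assumption:
in a real handler they would be frappe.has_permission, Document.get_password,
requests.post and frappe.log_error).
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Any, Callable


class ValidationError(Exception):
    """Stand-in for frappe.ValidationError: its message is meant to reach the caller."""


class PermissionDenied(Exception):
    """Stand-in for frappe.PermissionError."""


@dataclass
class ErrorLog:
    """Stand-in for frappe.log_error(title=..., message=...): entries stay server-side."""
    entries: list = field(default_factory=list)

    def log(self, title: str, message: str) -> None:
        self.entries.append({"title": title, "message": message})


# Constructed naming pattern for the example; real series names are site-specific.
INVOICE_RE = re.compile(r"^SINV-\d{4,}$")


def validate_payment_request(invoice: Any, amount: Any) -> tuple[str, float]:
    """Type-enforce and validate untrusted input before any DB or network work."""
    if not isinstance(invoice, str) or not INVOICE_RE.match(invoice):
        raise ValidationError("Invalid invoice reference")
    # bool is a subclass of int, so reject it explicitly rather than coercing True -> 1.0
    if isinstance(amount, bool) or not isinstance(amount, (int, float, str)):
        raise ValidationError("Amount must be a number")
    try:
        value = float(amount)
    except ValueError:
        raise ValidationError("Amount must be a number") from None
    if not (0 < value < 1_000_000):  # also rejects nan and inf
        raise ValidationError("Amount out of range")
    return invoice, value


@dataclass
class PaymentGatewayClient:
    gateway_url: str
    has_permission: Callable[[str, str], bool]  # assumption: frappe.has_permission(doctype, ptype)
    get_secret: Callable[[str], str]            # assumption: settings.get_password(fieldname)
    transport: Callable[..., dict]              # assumption: requests.post(url, json=, headers=, timeout=)
    error_log: ErrorLog
    timeout: float = 10.0                       # never call out without a timeout

    def submit_payment(self, invoice: Any, amount: Any) -> dict:
        # Permission check first: no validation errors leak schema hints to unauthorised callers.
        if not self.has_permission("Sales Invoice", "write"):
            raise PermissionDenied("Not permitted")
        invoice, value = validate_payment_request(invoice, amount)
        api_key = self.get_secret("api_key")  # fetched at call time, never a literal in code
        try:
            return self.transport(
                self.gateway_url,
                json={"invoice": invoice, "amount": value},
                headers={"Authorization": f"Bearer {api_key}"},
                timeout=self.timeout,
            )
        except Exception as exc:  # trust boundary: convert any transport failure to a safe error
            # Full detail (URL, exception class and text) goes to the server-side log only,
            # with the credential redacted even there in case the library echoed the header.
            detail = f"url={self.gateway_url} invoice={invoice} error={type(exc).__name__}: {exc}"
            self.error_log.log(title="Payment gateway call failed",
                               message=detail.replace(api_key, "[redacted]"))
            # The caller sees a generic message: no URL, host, traceback or credential.
            raise ValidationError("Payment could not be processed; please try again later") from None


def run_demo() -> tuple[str, list]:
    """Drive the handler against a transport that times out (constructed failure)."""
    log = ErrorLog()

    def failing_transport(url: str, **kwargs: Any) -> dict:
        # A chatty library might echo the URL and headers in its exception text.
        raise TimeoutError(f"connect to {url} timed out after {kwargs['timeout']}s "
                           f"auth={kwargs['headers']['Authorization']}")

    client = PaymentGatewayClient(
        gateway_url="https://gateway.example.invalid/v1/charge",  # constructed
        has_permission=lambda doctype, ptype: True,
        get_secret=lambda name: "sk_test_constructed_secret",      # constructed
        transport=failing_transport,
        error_log=log,
    )
    try:
        client.submit_payment("SINV-00042", "150.00")
    except ValidationError as exc:
        return str(exc), log.entries
    raise AssertionError("expected the transport failure to surface as ValidationError")


if __name__ == "__main__":
    user_message, entries = run_demo()
    print("caller sees:", user_message)
    print("server log :", entries[0]["message"])
```

The `from None` matters: it drops the chained transport exception so a later unhandled-error log for the ValidationError does not drag the original traceback, with its URL and headers, back in. The redaction on the log line is defence in depth; the primary control is that the credential is read at call time from a password-type field and never written into a message at all.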
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 05:37 PM