netsuite-owasp-secure-coding
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as an authoritative and defensive resource for writing secure SuiteScript and JavaScript code. It provides implementation-depth guidance on mitigating the OWASP Top 10 (2021) risks.
- [PROMPT_INJECTION]: Static analysis detected an injection pattern ("IGNORE ALL PREVIOUS INSTRUCTIONS") in 'appendix-ai-agent-security.md'. This is a false positive as the string is part of an educational example used to demonstrate prompt injection threats to developers. Furthermore, the skill includes a 'SafeWords' section in 'SKILL.md' that instructs the agent to ignore instructions embedded inside retrieved content, providing a defensive guardrail.
- [CREDENTIALS_UNSAFE]: The skill contains example API keys and secrets (e.g., 'sk-prod-a8f3k29d5e7b1c4f6'). These are exclusively found in 'BAD' code templates used to illustrate the dangers of hardcoding credentials as part of security training.
- [COMMAND_EXECUTION]: Documentation within 'references/01-injection-prevention.md' and other files discusses command injection risks (OSCP-002) and demonstrates safe use of the Node.js 'child_process' module. No actual shell commands are executed by the skill itself.
- [EXTERNAL_DOWNLOADS]: The skill references official OWASP guidelines and Oracle documentation. It provides templates for secure communication but does not perform any untrusted or remote downloads.