ai-agent-implementation
Provides a comprehensive checklist and best practices for implementing AI agent tools, ensuring effective deployment and testing.
Install this skill
Security score
The ai-agent-implementation skill was audited on Feb 9, 2026 and we found 17 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 159 | throw new Error(`Tool failed: ${response.statusText}`); |
Template literal with variable interpolation in command context
| 214 | `${rateLimits.toolName.window}s` |
Template literal with variable interpolation in command context
| 366 | "Authorization": `Bearer ${process.env.API_KEY}`, |
Template literal with variable interpolation in command context
| 373 | throw new Error(`API failed: ${response.statusText}`); |
Fetch to external URL
| 152 | const response = await fetch("/api/tools/tool-name", { |
Fetch to external URL
| 363 | const response = await fetch("https://api.example.com/endpoint", { |
Access to .env file
| 40 | - [ ] Document environment variables in `.env.example` |
Access to .env file
| 313 | 2. **Environment variables** - Use `.env` files |
Access to .env file
| 338 | const resend = new Resend(process.env.RESEND_API_KEY); |
Access to .env file
| 341 | from: process.env.RESEND_FROM_EMAIL!, |
Access to .env file
| 366 | "Authorization": `Bearer ${process.env.API_KEY}`, |
Access to .env file
| 454 | 1. Add to `.env.example` with description |
Access to .env file
| 478 | const apiKey = process.env.API_KEY; // Client-side! |
Access to .env file
| 495 | const apiKey = process.env.API_KEY; // Secure |
External URL reference
| 237 | const request = new Request("http://localhost", { |
External URL reference
| 247 | const request = new Request("http://localhost", { |
External URL reference
| 363 | const response = await fetch("https://api.example.com/endpoint", { |