There isnt really a set of guidelines for that, as it could be anything someone is adding, so the guidelines could only be to write secure code. If you are unsure on that, it would be best to contact a developer on this, rather than adding yourself. Generally however, if you are adding things from a known vendor using their code, it will likely have been tested.