security-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The prompt establishes a professional security persona without any attempts to bypass safety filters or override system constraints.
- [Credentials] (SAFE): The file contains dummy API keys and AWS secrets (e.g., 'sk-12345...', 'AKIA...') used exclusively as examples of what the scanner should detect in target code. These are not functioning credentials.
- [External Downloads] (SAFE): No package managers (npm, pip) or remote script fetching (curl, wget) are present in the skill definition.
- [Command Execution] (SAFE): The skill is entirely text-based (Markdown) and does not invoke any shell commands or runtime execution.
- [Indirect Prompt Injection] (LOW): The skill is designed to process untrusted code snippets. However, because it lacks the capability to write to the filesystem, execute code, or make network requests, the risk of an exploit via malicious code analysis is negligible.