pattern-detection
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate auditing and analysis tool. Its primary functions involve searching for patterns using `grep` and processing data with trusted Python libraries like `pandas` and `numpy`.
- [DATA_EXPOSURE]: The skill is designed to search for sensitive data such as AWS keys, passwords, and PII (SSNs, credit cards) as part of its security review functionality. However, it includes explicit constraints in the 'Required rules' section prohibiting the logging of sensitive information, mitigating the risk of exposure.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data (code files, CSVs) via the `Read` and `Grep` tools. While these ingestion points represent a surface for indirect prompt injection, the risk is low as the skill's output is limited to a report format and does not involve executing the contents of the scanned files.
- [COMMAND_EXECUTION]: The skill suggests several `grep` and `bash` commands for the agent to use. These commands are restricted to read-only operations and pattern matching within the local file system using the permitted tools.
Audit Metadata