The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill requests and uses the Bash tool, which enables the execution of arbitrary system commands. While the intended use cases are for npm audit and pip-audit, the lack of constraints on this tool represents a high risk if the agent's logic is manipulated.
[PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8) because it is designed to ingest and reason over untrusted data with high-privilege tools.
Ingestion points: Reads and scans arbitrary code files, configuration files, and dependency manifests (e.g., SKILL.md activation triggers).
Boundary markers: Absent. The skill provides no instructions to the agent on how to distinguish its core logic from the content of the files it is auditing.
Capability inventory: Possesses Read, Grep, and Bash capabilities, allowing it to read sensitive files and execute commands based on interpreted data.
Sanitization: None. There is no evidence of sanitization or validation of the input data before it is processed by the agent or passed to tools.
[EXTERNAL_DOWNLOADS] (LOW): The skill references the use of pip-audit and npm audit. While these are standard security tools, they involve interacting with external package registries (pypi.org, registry.npmjs.org), which is noted as a dependency on external sources.

security-auditor