security-audit
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- PROMPT_INJECTION (SAFE): No patterns attempting to override agent behavior or bypass safety filters were detected. The instructions are structured for professional security assessment.
- DATA_EXFILTRATION (SAFE): No commands for exfiltrating sensitive data were found. References to sensitive patterns (e.g., API keys, tokens) are correctly placed within the context of identifying risks during an audit process rather than hardcoding actual credentials.
- REMOTE_CODE_EXECUTION (SAFE): The skill suggests running standard security tools like npm audit, pip-audit, and gitleaks. There are no instances of piping remote scripts to shells or other high-risk execution patterns.
- OBFUSCATION (SAFE): The content is clear and readable. No Base64, zero-width characters, or other hidden encoding techniques were identified.
- INDIRECT_PROMPT_INJECTION (LOW): While the skill is designed to process external codebases (untrusted data), it serves as a passive workflow/checklist.
  1. Ingestion points: Codebase and dependency files (SKILL.md).
  2. Boundary markers: None explicitly defined in the workflow steps.
  3. Capability inventory: Execution of security scanners (SKILL.md).
  4. Sanitization: None mentioned for the data being audited.
  Risk is considered minimal as it follows a standard audit procedure.
Audit Metadata