skill-security-analyzer

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill suggests the use of the unzip command to process .skill files. This is a legitimate requirement for its stated purpose of analyzing packaged skills and is presented as a guided instruction rather than an automated background task.
  • [DATA_EXFILTRATION] (SAFE): No unauthorized network requests or sensitive file access patterns were detected. The skill operates on local skill files provided for analysis and explicitly warns against undisclosed network calls in its reference guide.
  • [OBFUSCATION] (SAFE): The references/security_patterns.md file contains Base64-encoded strings and dangerous code snippets (such as rm -rf /). However, these are clearly documented and labeled as 'Red Flags' or 'Suspicious' examples intended for the AI to identify during audits. They do not constitute executable obfuscation within the skill itself.
  • [PROMPT_INJECTION] (SAFE): The instructions are well-structured and focus on establishing a rigorous security posture for auditing. There are no attempts to bypass safety filters or override system instructions for malicious purposes. The skill includes a robust framework for detecting prompt injection in other content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 12:01 AM