The Agent Skills Directory

[SAFE] (SAFE): No security issues detected. The skill consists of documentation and configuration templates that promote secure coding practices and provide guidance on triaging common vulnerabilities.\n- [Prompt Injection] (SAFE): Analysis of all markdown files and metadata reveals no attempts to override agent behavior, bypass safety filters, or extract system prompts.\n- [Data Exposure & Exfiltration] (SAFE): No hardcoded secrets, sensitive file paths, or unauthorized network operations were found. The skill correctly instructs users on how to avoid sensitive data exposure in logs.\n- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No remote code is downloaded or executed. The GitHub Actions templates use well-known, version-pinned actions (e.g., actions/checkout@v4) and placeholders for scanning tools.\n- [Indirect Prompt Injection] (INFO): The skill provides instructions for the agent to triage security findings from external sources. While this establishes an ingestion surface for untrusted data, the skill is purely instructional and lacks the automated write or execution capabilities that would allow for exploitation of the agent context during triage.

security-scanning