skill-security-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md and scripts/prompt_injection_scanner.py files contain numerous prompt injection strings such as 'ignore all previous instructions' and 'disregard all prior instructions'. These appear only as regex patterns that the auditing engine uses to detect attacks in target skills, and as examples in the 'Manual Audit Checklist' documentation. They are not interpreted as instructions for the agent's behavior.
  • [COMMAND_EXECUTION]: The skill includes documentation and regex patterns related to dangerous command execution (e.g., os.system, subprocess.call(shell=True)). These are part of the scanner's signature database used to find vulnerabilities in other code. The scanner scripts themselves do not execute these commands.
  • [DATA_EXFILTRATION]: The skill documentation includes examples of data exfiltration patterns (e.g., requests.post to an external collector) for detection purposes. The provided auditor scripts do not perform any outbound network requests.
  • [CREDENTIALS_UNSAFE]: The code scanner logic includes search patterns for sensitive file paths such as ~/.ssh and ~/.aws. These are used to identify whether a scanned skill is attempting to harvest credentials; the auditor skill itself does not access these sensitive paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM