skill-lint
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [SAFE]: The skill serves a security-enhancing purpose by auditing other skills for hardcoded API keys and dangerous commands (e.g., rm -rf /). No malicious patterns, obfuscation, or unauthorized access attempts were detected in the provided files.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to ingest and analyze untrusted external data from other skills. Evidence:
  - Ingestion points: Reads SKILL.md, .py, .yaml, and .json files from user-specified directories as described in the '审查流程' (Audit Process) of SKILL.md.
  - Boundary markers: None identified; the skill does not specify delimiters to separate untrusted content from the auditor's instructions.
  - Capability inventory: Limited to file system discovery (Glob) and reading (Read) as specified in the '使用方法' (Usage Method); no subprocess execution or network operations are requested.
  - Sanitization: No sanitization or escaping of the ingested file content is mentioned.
- [NO_CODE]: The skill is implemented using Markdown instructions and structured checklists rather than shipping its own scripts, relying on the agent's built-in file management tools.
Audit Metadata