modernize-audit

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains a 'CRITICAL' instruction that explicitly tells the agent to 'COMPLETELY IGNORE' any arguments provided by the user in the initial command. While intended to enforce an interactive workflow, this is a pattern of overriding user-supplied input instructions.
  • [DATA_EXPOSURE]: The skill is designed to read and analyze the entire codebase, including project configuration files like package.json and .csproj. It specifically looks for security anti-patterns such as hardcoded secrets, which means it will ingest sensitive data into the agent's context as part of its primary function.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests untrusted data (the codebase being audited) and processes it using an AI sub-agent without explicit boundary markers or sanitization.
    • Ingestion points: Reads project files, manifest files (package.json, etc.), and source code via Glob and Read tools.
    • Boundary markers: None identified in the instructions for separating the code content from the analysis prompts.
    • Capability inventory: Uses Glob and Read to access files, invokes an Agent tool (sub-agent), and writes reports to the file system.
    • Sanitization: No evidence of sanitization or escaping of the ingested code content before it is passed to the sub-agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:38 AM