security-auditing

[Skill Scanner] Backtick command substitution detected This skill is primarily benign instructional content for conducting security audits. It contains a notable policy/anomaly: an explicit, mandatory, non-negotiable report template and fixed output path which constitutes a coercive instruction (prompt-injection-like) that could be abused if an autonomous agent follows the skill blindly — for example by forcing a specific format or by writing sensitive findings to a predictable location. There are no technical indicators of malware, obfuscation, secrets, or network exfiltration. Recommend marking the template requirement as a warning for autonomous use: treat the mandatory-template language as a policy that must be validated by a human operator before automatic application, and ensure file write operations are authorized and stored in appropriate, project-specific locations. LLM verification: The SKILL.md fragment is an agent instruction manifest for security auditing that contains dangerous patterns for an automated agent and for human developers: rigid mandatory templating (a prompt-injection/coercion risk), an insecure SQL example that teaches unsafe practice, and no guidance for redacting or protecting sensitive data when populating reports. There is no sign of executable malware or network-based exfiltration in the file itself, but in a supply-chain context this document could b