NYC

security-auditor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (SAFE): The skill is designed to process untrusted source code for security audits, which creates an inherent attack surface for indirect prompt injection. However, no exploitation logic is present.
    ◦ Ingestion points: scripts/find_secrets.py (line 42) and SKILL.md recommend scanning entire project directories.
    ◦ Boundary markers: Absent; the tool does not provide specific delimiters or 'ignore' instructions for the LLM when processing audited code.
    ◦ Capability inventory: Bash, Read, Grep, and WebSearch are enabled, allowing the agent to execute commands and access the network based on its analysis.
    ◦ Sanitization: Absent; the content of audited files is processed directly without sanitization.
  • Data Exposure & Exfiltration (SAFE): The skill includes a secret scanner (scripts/find_secrets.py) that identifies sensitive patterns (AWS, Google, OpenAI keys). Findings are printed locally to the console for the user's audit report; no network exfiltration code is present.
  • Unverifiable Dependencies (SAFE): The skill documentation suggests using standard industry tools like npm audit and pip-audit, which are trusted sources for vulnerability data.
  • Command Execution (SAFE): The skill provides scripts for report generation and secret scanning. These scripts use standard Python libraries (pathlib, argparse) and perform routine file operations associated with the skill's primary purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:44 PM