security-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run local Python scripts (scripts/security_audit.py, scripts/find_secrets.py) and standard system utilities like grep and cat to analyze code for potential vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill refers to well-known security auditing tools like npm audit and pip-audit for dependency scanning and provides links to authoritative security resources such as the OWASP Top 10 documentation.
  • [PROMPT_INJECTION]: As a code auditing tool, the skill is inherently susceptible to indirect prompt injection if the source code it analyzes contains malicious instructions intended to manipulate the agent.
      • Ingestion points: Untrusted source files are ingested via grep commands in SKILL.md and read by the scripts/find_secrets.py script.
      • Boundary markers: None; the skill does not currently use specific delimiters to separate user code from instructions.
      • Capability inventory: The skill has access to the Bash tool for command execution and can write report files to the local file system.
      • Sanitization: None; the content of files is processed as raw text during the audit process.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 02:06 AM