enterprise-readiness
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Category 1: Prompt Injection] (SAFE): No instructions attempting to override agent behavior, bypass safety protocols, or extract system prompts were detected. The skill focuses strictly on providing security assessment frameworks.
- [Category 2: Data Exposure & Exfiltration] (SAFE): No patterns of sensitive file access or data exfiltration. The skill references legitimate domains and standard security tools for the purpose of software development lifecycle hardening.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references several GitHub Actions and tools from trusted organizations such as 'ossf' (OpenSSF), 'slsa-framework', and 'actions' (GitHub). It explicitly promotes the use of cryptographic SHA-256 hashes for pinning dependencies, which is a key security best practice to prevent supply chain attacks. Remote resources listed are documentation and official repositories from trusted organizations.
- [Category 5: Privilege Escalation] (SAFE): No commands requesting root access, modifying system configurations, or escalating privileges were found.
- [Category 8: Indirect Prompt Injection] (SAFE): The skill demonstrates high security awareness by explicitly warning against shell injection vulnerabilities in GitHub Actions (e.g., interpolating untrusted event data into 'run' blocks). Ingestion points are limited to standard CI/CD configuration files with clear guidance on sanitization and least-privilege scoping.
- [Category 10: Dynamic Execution] (SAFE): No instances of dynamic code generation or runtime compilation of untrusted input were detected. The YAML and shell templates provided are static and follow security industry standards.
Audit Metadata