security-modern-python
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill serves as a security guide for Python development, providing correct remediation for common vulnerabilities like SQL injection, command injection, and path traversal.
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded placeholder API key ('sk-abc123') used specifically in a 'BAD' example to demonstrate insecure secrets management. This is educational and does not represent an actual credential leak.
- [EXTERNAL_DOWNLOADS]: The documentation references standard Python security utilities such as 'pip-audit', 'pip-tools', and 'safety' for dependency management and auditing. These are well-known tools from the Python community.
- [PROMPT_INJECTION]: Indirect prompt injection surface detected.
  - Ingestion points: Python source code files provided for review via the Read tool.
  - Boundary markers: Absent in skill instructions.
  - Capability inventory: Use of Bash, Read, Write, Glob, and Grep tools (SKILL.md).
  - Sanitization: Absent; the skill instructs users on sanitization but does not perform it on input code.