skill-audit

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill's documentation (SKILL.md and references/threat-model.md) contains various prompt injection strings, such as "ignore previous instructions" and "DAN" mode examples. These are explicitly categorized as attack vectors to be detected during an audit and are not directed at the agent executing the skill.
  • [COMMAND_EXECUTION]: The skill executes a bundled Python script (scripts/audit.py) to perform structural validation and check for suspicious patterns like Unicode anomalies or Base64 blocks. This is a local administrative operation necessary for the skill's auditing function and does not involve arbitrary or dangerous system commands.
  • [DATA_EXFILTRATION]: While the skill's examples and test cases (evals.json, references/report-examples.md) mention data exfiltration URLs like evil.com, these are used solely as illustrative samples for what the auditor should identify and are not functional instructions to exfiltrate data.
  • [SAFE]: The skill demonstrates high security maturity by providing a detailed threat model, clear severity classifications, and specific remediation guidance for identified issues.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 02:40 AM