security-threat-model

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or behaviors were identified in the skill content or references. The instructions provide a standard methodology for application security engineers.
  • [DATA_EXFILTRATION]: The skill is designed to analyze local repository files. It includes explicit safety instructions to redact secrets and credentials rather than outputting them, and it performs no network operations or external data transmissions.
  • [PROMPT_INJECTION]: The skill uses specific persona instructions to guide the agent in security analysis. While it processes external code, which presents an indirect prompt injection surface, it is designed with defensive instructions. Evidence: (1) Ingestion points: local repository files and sub-paths referenced in user input; (2) Boundary markers: specific prompt templates and markdown formatting used to wrap analysis; (3) Capability inventory: file system read access for source code analysis and single file write access for report generation; (4) Sanitization: explicit instructions to redact secrets and sensitive values found in the codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 08:24 PM