security-guardian
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides clear instructions for the agent to act as a security expert. It does not attempt to override system instructions, bypass safety filters, or use role-play for malicious purposes.
- [DATA_EXFILTRATION]: No evidence of code or instructions designed to exfiltrate data to external domains was found. The skill includes reference material on how to detect secrets and PII (Personally Identifiable Information), but does not attempt to harvest or transmit them itself.
- [COMMAND_EXECUTION]: The skill allows the use of the Bash tool, which is appropriate for its function as a security auditing specialist to perform tasks like searching code with grep or analyzing changes with git diff.
- [INDIRECT_PROMPT_INJECTION]: The skill is intended to process and audit untrusted code provided by a user. While this represents a vulnerability surface (Category 8), the skill contains extensive instructions on how to recognize and remediate such injections, and the surface itself is essential to the skill's primary function of code auditing.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials were found. All mentions of API keys, tokens, or passwords are used as placeholders (e.g., 'YOUR_API_KEY_HERE') or examples within the educational documentation.
- [REMOTE_CODE_EXECUTION]: The skill does not download external scripts or execute code from remote sources. It provides static documentation and standard CLI-based auditing procedures.
Audit Metadata