skill-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `Bash` tool to run a bundled Python analysis script via the `uv` package manager. This use of shell access is justified by the skill's core functionality of scanning local skill directories for security issues.
- [EXTERNAL_DOWNLOADS]: The skill references the official installation documentation for the `uv` tool from Astral and incorporates a list of well-known and trusted domains (such as GitHub, Sentry, and PyPI) within its logic for verifying the reputation of URLs found during scans.
- [PROMPT_INJECTION]: The `references/prompt-injection-patterns.md` file contains a list of prompt injection and jailbreak patterns. As the skill is a security tool, these patterns are documented for identification and educational purposes rather than as instructions for the agent to follow.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it reads and analyzes untrusted data from other skills. The instructions mitigate this risk by providing the agent with a confidence framework and false-positive guidance to distinguish between malicious instructions and analysis data.
- [SAFE]: No malicious behaviors, hardcoded secrets, or unauthorized network operations were detected. The script implementation follows security best practices, such as using `yaml.safe_load()`, and all potentially suspicious code snippets are part of a legitimate security reference library.
Audit Metadata