GitHub Agentic Workflows Security Architecture

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a static knowledge base and documentation for security best practices. It does not contain executable scripts or automation that could perform unauthorized actions.
  • [SAFE]: The documentation includes illustrative code snippets for input sanitization, secret redaction, and resource monitoring. These are clearly marked as educational examples (e.g., '✅ SECURE' vs '❌ VULNERABLE') and are not executed by the skill itself.
  • [SAFE]: Prompt injection patterns and dangerous shell commands are mentioned only within the context of security filter definitions and regex patterns for detection/prevention logic.
  • [SAFE]: External references to security tools (such as Gitleaks, Semgrep, and Trivy) and GitHub Actions (such as step-security/harden-runner) are industry-standard recommendations and are used here for instructional purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 11:07 PM