The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/security_scan.py uses subprocess.run to execute the npm audit command. This is used specifically to perform dependency vulnerability analysis within the target project's directory.
[EXTERNAL_DOWNLOADS]: The skill utilizes the npm audit functionality, which involves querying the official npm registry to check local dependencies against a public vulnerability database. This is a standard security operation for verifying supply chain integrity.
[DATA_EXFILTRATION]: Although the scanning script reads local file contents to detect potential secrets and high-risk code patterns, it does not transmit any of the identified data to external network endpoints.
[SAFE]: The skill's instructions and scripts align with its stated purpose of security auditing. No evidence of prompt injection, obfuscation, persistence mechanisms, or unauthorized privilege escalation was found.

vulnerability-scanner