generating-security-audit-reports

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it is designed to ingest and summarize external security scanner outputs that could contain adversarial content.
      • Ingestion points: Reads vulnerability scanner results and log files from the ${CLAUDE_SKILL_DIR}/security/ directory as specified in the instructions.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within external data are present in the SKILL.md instructions.
      • Capability inventory: The skill has access to the Bash tool (restricted to specific prefixes), Write, and Edit operations.
      • Sanitization: There is no mention of sanitization or validation of the external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill's instructions suggest running external security utilities like Nmap and Trivy. This command execution is appropriately restricted in the allowed-tools metadata using specific command prefixes for the bash tool.
  • [DATA_EXFILTRATION]: The skill's primary function involves accessing sensitive application and infrastructure configurations. This access is necessary for the intended purpose of performing security audits, and no evidence of unauthorized external data transmission or exfiltration was found.
  • [NO_CODE]: Documentation and README files in the scripts/ and assets/ directories reference several key implementation files (such as security_scan.py, compliance_checker.py, and report_template.html) that are missing from the provided skill package.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 08:04 PM