scanning-input-validation-practices

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed as a template for security analysis. It contains well-structured rule sets for CodeQL and Semgrep that target standard vulnerability classes like SQL injection, XSS, and command injection.
  • [SAFE]: No hardcoded credentials or sensitive data access patterns were identified. Rule sets contained in the assets folder use standard placeholders for pattern matching (e.g., 'YOUR_API_KEY_HERE') rather than real secrets.
  • [SAFE]: Scripts provided (e.g., codeql_scan.sh and semgrep_scan.sh) are Python-based templates that iterate through local files to print metadata. They do not perform remote downloads, execute arbitrary commands, or attempt privilege escalation.
  • [SAFE]: No obfuscation, hidden instructions, or persistence mechanisms were detected in the skill's markdown or script files.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 08:02 PM