The Agent Skills Directory

[SAFE]: The skill provides structured workflows and checklists for code reviews and security audits based on established industry standards such as OWASP, ensuring a professional and secure approach to quality assurance.\n- [COMMAND_EXECUTION]: Helper scripts in the scripts/ directory facilitate the execution of common, well-known development utilities (e.g., npm, pytest, eslint, bandit, trufflehog). These operations are restricted to the local environment and are intended for code analysis and testing as part of the skill's primary function.\n- [EXTERNAL_DOWNLOADS]: The skill's scripts utilize standard package managers and security scanning utilities that may interact with official registries and databases (e.g., npm registry, CVE databases) to perform audits or run tests, which is expected behavior for this use case.\n- [PROMPT_INJECTION]: The skill processes untrusted user code, which represents an indirect prompt injection surface. 1. Ingestion points: Source code files and project configurations analyzed during code review and security audit phases. 2. Boundary markers: Absent; the skill does not explicitly delimit user code to prevent instructions from overriding its own. 3. Capability inventory: Execution of local scripts triggered by the agent that run various analysis and test runners. 4. Sanitization: Absent; the skill relies on the agent's adherence to the provided checklists to maintain behavior boundaries.

quality-assurance