The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Fetches markdown-based rules and contract definitions from the author's public GitHub repository to supplement the skill's logic.
[COMMAND_EXECUTION]: Executes standard security audit tools such as npm audit, pip-audit, and cargo audit via the shell to identify vulnerable dependencies.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes content from untrusted codebases.
Ingestion points: Project source code files accessed via Glob, Grep, and Read tools.
Boundary markers: No specific delimiters or instructions are specified for the agent to ignore potentially malicious content within analyzed files.
Capability inventory: Access to Bash for shell execution, file system Read and Write access, and network-capable dataflow tracing.
Sanitization: No sanitization or validation of the ingested code content is performed before analysis.

ln-621-security-auditor