The Agent Skills Directory

[COMMAND_EXECUTION]: The skill defines a wide array of shell commands (git, grep, find) to perform repository security audits across 12 attack surfaces. This is the core functionality and requires shell access.
[EXTERNAL_DOWNLOADS]: The skill references and downloads security tools (gitleaks) from GitHub and various helper packages (pre-commit, license-checker) from standard package registries (NPM, PyPI). These are well-known security utilities.
[PROMPT_INJECTION]: The skill processes untrusted repository content (filenames, commit messages, and source code) to perform its audit. This ingestion of external data into shell commands and agent context represents an indirect prompt injection surface; however, the risk is assessed as low as the skill is designed for security-aware users to audit their own environments.
[DATA_EXFILTRATION]: While the skill scans for potentially exfiltrated data (secrets, internal IPs), it does not contain any logic to transmit this data to unauthorized external locations.

repo-sentinel