The Agent Skills Directory

[SAFE]: The skill demonstrates security best practices by providing tools for cryptographically secure API key generation and SHA-256 hashing for storage.
[SAFE]: Local auditing scripts in scripts/agent.py process user-provided log and inventory files to identify policy violations (e.g., key age, broad scopes) without external network dependencies.
[SAFE]: Documentation includes references to well-known security tools like gitleaks and truffleHog, as well as official security guidelines from GitHub and OWASP.
[SAFE]: The skill processes external data (logs and inventory) but does not expose this data to dangerous sinks such as command execution or network exfiltration, maintaining a safe posture against indirect injection.
Ingestion points: scripts/agent.py reads external files provided via CLI arguments (--file, --inventory, --usage-log).
Boundary markers: Absent in file reading operations.
Capability inventory: Limited to local file read and writing a structured JSON report to a local path.
Sanitization: Not applicable as the data is used for regex matching and structured log parsing rather than dynamic execution.

implementing-api-key-security-controls