NYC

security-auditor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted code files, which creates an inherent surface for indirect prompt injection attacks.
  • Ingestion points: Ingests user-provided source code files through the Read and Grep tools during analysis.
  • Boundary markers: Absent. The skill instructions do not specify the use of delimiters or warnings to ignore instructions embedded within the audited code.
  • Capability inventory: The skill uses Bash, Read, and Grep. Malicious instructions within audited code could attempt to manipulate these tools if the agent fails to distinguish between data and instructions.
  • Sanitization: Absent. There is no mention of escaping or filtering external content before the agent processes it for vulnerability detection.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill utilizes standard tools such as npm audit and pip-audit. These are well-known security tools. While it mentions connecting to registries like registry.npmjs.org, these are trusted sources for dependency auditing.
  • [Data Exposure & Exfiltration] (SAFE): No patterns of sensitive data exfiltration or unauthorized file access were detected. The skill's primary function is to read code for the purpose of identifying security flaws to report back to the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:53 PM