The Agent Skills Directory

[SAFE]: The skill operates as a defensive code analysis and auditing tool. Its logic is focused on identifying common security vulnerabilities (like hardcoded keys or authentication flaws) and stability issues in web applications. All behaviors are consistent with its stated purpose.
[PROMPT_INJECTION]: No patterns of prompt injection, such as attempts to bypass safety filters, disregard previous instructions, or extract system prompts, were found in the SKILL.md or reference files.
[DATA_EXFILTRATION]: No exfiltration vectors were identified. While the skill instructs the agent to search for sensitive data (like API keys) in the scanned codebase, it does not contain instructions to transmit that data to external or untrusted domains, nor does it access the agent host's own sensitive configuration files.
[REMOTE_CODE_EXECUTION]: The skill does not download or execute remote scripts. It uses standard file searching operations (Grep/Glob) to analyze local project files.
[COMMAND_EXECUTION]: The skill's use of Grep/Glob commands for pattern matching within the repository is appropriate for its function as a code scanner and does not pose an unauthorized execution risk.
[OBFUSCATION]: No obfuscation, multi-layer encoding, or hidden characters were detected in the skill's content. All instructions and patterns are provided in clear text.

code-safety-scanner