The Agent Skills Directory

[PROMPT_INJECTION] (SAFE): The script scripts/scan-vulnerabilities.py and the documentation in references/OWASP-LLM-TOP10.md contain common injection payloads (e.g., 'DAN', 'Ignore previous instructions'). These are used as static data for testing the security of other LLMs and do not attempt to manipulate the analyzing agent.
[DATA_EXFILTRATION] (SAFE): There is no code within the skill that attempts to access sensitive file paths (like AWS credentials or SSH keys) or perform network requests to external domains.
[REMOTE_CODE_EXECUTION] (SAFE): No patterns for downloading and executing remote scripts (e.g., curl to bash) were found in any of the files.
[COMMAND_EXECUTION] (SAFE): The Python script uses standard library modules for command-line arguments and data structures; it does not invoke shell commands, perform privilege escalation, or use dynamic execution functions like eval().

vulnerability-discovery