The Agent Skills Directory

[SAFE]: No malicious patterns or unauthorized behaviors were detected in the skill's instructions or scripts. The use of the Bash tool is scoped to invoking a sub-agent for auditing purposes.
[PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as its primary function involves reading and processing untrusted plugin content. Ingestion points: The skill reads files from user-specified plugin directories (e.g., 'plugins/*'). Boundary markers: There are no explicit instructions to the sub-agent to ignore embedded instructions within the audited files. Capability inventory: The skill has access to Bash, Read, and Write tools to facilitate the audit and report generation. Sanitization: No sanitization or filtering logic is present to pre-process potentially malicious content within the audited plugins.

audit-plugin-l5