codebase-audit-pre-push

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The 'Final Verification' step (Step 10) directs the agent to execute the application ('run the app') to check for regressions. This involves running potentially untrusted code from the local codebase being audited.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and acts upon untrusted data in the form of source code and project files.
      - Ingestion points: The agent reads every file in the codebase, including source files and configuration files.
      - Boundary markers: None provided; the skill lacks instructions to distinguish between its own logic and data found within files.
      - Capability inventory: The agent can delete files, modify code, and execute shell commands.
      - Sanitization: No input validation or sanitization of file content is performed.
  • [DATA_EXFILTRATION]: The audit process involves identifying sensitive files (e.g., .env, .pem, .key) and searching for hardcoded credentials. While intended for cleanup, this increases the risk of data exposure by bringing secrets into the active LLM context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 12:54 AM