The Agent Skills Directory

[SAFE]: The skill is a legitimate security and quality auditor that operates entirely on local files. It demonstrates best practices such as using parameterized SQL queries and managing data in a local SQLite database.- [COMMAND_EXECUTION]: The skill provides various CLI commands for orchestrating audits. These commands execute the skill's own internal Python scripts. No vulnerabilities related to arbitrary command execution or unsanitized shell input were identified.- [DATA_EXFILTRATION]: No network operations or external communication patterns were found. Analysis results are stored locally in the data/ directory.- [CREDENTIALS_UNSAFE]: The skill does not contain hardcoded credentials for its own operation. While it contains regular expressions designed to identify secrets (e.g., API keys, passwords) in the skills it audits, these are part of its primary security function and are handled safely.- [INDIRECT_PROMPT_INJECTION]: The skill acts as a processing surface for untrusted external data (other skill files). It mitigates risk by using static AST (Abstract Syntax Tree) parsing for analysis rather than executing the code. Reports are generated with clear structure, providing a boundary between audited content and the agent's instructions.

skill-sentinel