The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is configured with the Bash tool and provided with extensive command-line examples for system auditing, network reconnaissance, and privilege escalation (e.g., sudo -l, find / -perm -4000, nmap -sV -p- target.com). These capabilities allow the agent to perform invasive operations on the host environment.
[DATA_EXFILTRATION]: The skill explicitly instructs the agent to harvest credentials and sensitive information from system locations. Specifically, penetration-testing.md guides the agent to use grep to find passwords in ~/.bash_history and across all user directories in /home/*/, which constitutes high-severity exposure of local user data.
[EXTERNAL_DOWNLOADS]: The documentation (sast-tools.md, secret-scanning.md) directs the agent to install numerous third-party security utilities using package managers like npm, pip, go install, and brew. For example, it fetches the gosec tool from GitHub and various security linters from public registries. While these sources are well-known, executing automated software installations on a host introduces significant supply chain risk.
[PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection because its core workflow involves reading and analyzing untrusted codebases, configuration files, and logs.
Ingestion points: Files read during SAST scans, code audits, and infrastructure reviews (SKILL.md).
Boundary markers: None identified; the skill lacks delimiters or instructions to treat external data as untrusted.
Capability inventory: Full access to the Bash, Read, Grep, and Glob tools.
Sanitization: No sanitization or validation of file content is performed before the agent processes it or acts upon instructions found within.

security-reviewer