audit-context-building

Pass

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): No malicious instructions or bypass attempts were detected. The skill uses instructional headers like 'IMPORTANT' and 'CRITICAL' solely within the context of technical auditing methodology.
  • [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest and analyze untrusted source code. This creates a surface for indirect prompt injection where malicious comments or code structures in the target codebase could attempt to influence the agent's behavior. However, the skill includes strong mitigations, such as the 'Jump-Into-External-Code Rule' (Section 5.2), which explicitly instructs the agent to treat black-box code as adversarial.
  • [Data Exposure & Exfiltration] (SAFE): No commands or instructions related to accessing sensitive system files (~/.ssh, .env, etc.) or performing unauthorized network operations were found.
  • [Obfuscation] (SAFE): The content consists of clear, well-structured Markdown with no hidden characters, encoding, or homoglyphs.
  • [Unverifiable Dependencies] (INFO): Section 8 mentions a function-analyzer subagent. This is an internal tool reference for the agent workflow and does not involve downloading untrusted remote packages or scripts.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 15, 2026, 08:29 PM