The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides templates for using standard command-line tools such as gh, git, grep, and curl to automate the discovery and analysis of public code repositories. These operations are restricted to reconnaissance of target organizations as defined by the user.
[EXTERNAL_DOWNLOADS]: The instructions reference and include command patterns for well-known security tools like trufflehog, gitleaks, and gitrob. These tools are fetched from their official and recognized GitHub repositories for the purpose of secret scanning and repository enumeration.
[DATA_EXFILTRATION]: While the skill's purpose is to find sensitive data, the workflow focuses on scanning external public repositories and saving results to a local outputs/ directory. There is no evidence of the skill attempting to access the local environment's sensitive files (such as SSH keys or AWS configs) for exfiltration.
[CREDENTIALS_UNSAFE]: The reference documentation contains common secret patterns and keywords (e.g., AWS_SECRET_ACCESS_KEY, mongodb+srv) used as search queries (dorks) to find leaks in target repositories. These are used for pattern matching and are not actual hardcoded credentials.

osint