source-code-scanning

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a guide for security auditing. Patterns flagged by static analysis (such as Base64-encoded execution in reference/malicious-code.md and eval usage in reference/language-patterns.md) are explicitly presented as examples of malicious or vulnerable code that the agent should look for in audited projects. These are not instructions for the agent to execute.
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to utilize standard, well-known security tools including Semgrep, Bandit, Trivy, Grype, and TruffleHog. These tools are recommended for their legitimate security purposes.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection because its primary function is to ingest and analyze untrusted source code from external projects. Malicious instructions could be embedded in the audited code to influence agent behavior. The skill includes explicit safety mitigation: "Never execute untrusted code during review."
  • Ingestion points: Reads files and package manifests from the target repository being scanned (SKILL.md, Phase 1).
  • Boundary markers: No explicit XML or delimiter boundaries are defined for segmenting untrusted code content from the prompt instructions.
  • Capability inventory: The skill encourages the use of various CLI tools for scanning, as well as file system operations like ls, cat, and find.
  • Sanitization: The skill relies on the human-in-the-loop and the agent's safety guidelines, specifically instructing the agent not to execute code from the target project.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 01:00 AM