The Agent Skills Directory

[DATA_EXPOSURE]: The skill identifies and reads sensitive file paths including .env files, SSH keys (~/.ssh/id_rsa), and AWS credentials as part of its core scanning functionality.
This behavior is legitimate for the stated purpose of a security scanner.
Risk is mitigated by the lack of network, shell, and fileWrite permissions, ensuring data cannot be transmitted externally or modified.
The prompt contains explicit instructions to truncate all discovered secrets in the output report to prevent accidental exposure in logs.
[PROMPT_INJECTION]: No evidence of instruction overrides, safety filter bypasses, or adversarial role-play patterns was found.
[REMOTE_CODE_EXECUTION]: The skill does not perform any remote code downloads, external script executions, or package installations.

credential-scanner