setup-auditor

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill requires access to highly sensitive system and configuration files to perform its security audit. Evidence: The audit protocol in SKILL.md explicitly instructs the agent to scan paths including ~/.aws/credentials, ~/.ssh/id_rsa, ~/.ssh/config, and .env files. Context: This behavior is aligned with the skill's primary intended purpose as a security auditor.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the user's local environment while possessing file-write capabilities. Ingestion points: The agent reads various user-controlled files such as .env, config.json, and docker-compose.yml during the audit process (SKILL.md). Boundary markers: The skill does not implement explicit delimiters or instructions to ignore embedded commands within the scanned files. Capability inventory: The skill has fileWrite permissions and is designed to generate Dockerfiles and security templates in the workspace (SKILL.md). Sanitization: While the skill masks sensitive values in its final report, it does not sanitize input data to prevent malicious instructions within scanned files from influencing the agent's behavior during the audit.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 04:31 PM