sast-missingauth

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows a structured approach for security auditing, focusing on identifying missing authentication and broken function-level authorization. It does not contain any instructions for credential theft, unauthorized network communication, or system persistence.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted source code, which creates a surface for indirect prompt injection. However, the instructions provide clear guidance on role-mapping and verification, and the use of specific vulnerability classes and examples helps keep the agent focused on the security analysis task rather than acting on instructions found within the code.
  • [DATA_EXFILTRATION]: All file operations are directed toward the local filesystem, specifically the 'sast/' directory. No network-based exfiltration patterns or requests to external domains were identified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 07:59 AM