security-audit-owasp-top-10
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes untrusted external codebases, creating a surface where malicious instructions embedded in comments or code could influence the agent's behavior.
- Ingestion points: Phase 1 and Phase 3 involve the use of the Glob, Grep, and Read tools to ingest arbitrary files from the user's project.
- Boundary markers: The workflow does not specify the use of delimiters or 'ignore' instructions to distinguish code content from system instructions during semantic analysis.
- Capability inventory: The skill utilizes Glob, Grep, Read, and Write capabilities across all project files.
- Sanitization: There is no evidence of sanitization or escaping of the code content before it is processed by the LLM for analysis.
- Data Exposure (SAFE): While the skill actively searches for sensitive files (e.g., .env, credentials, PII), this behavior is strictly aligned with the primary purpose of a security audit. No evidence of unauthorized network exfiltration or credential hardcoding was found.
Audit Metadata