external-skill-auditor

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill is a defensive utility that follows security best practices by implementing static analysis and a structured human-in-the-loop review process for external assets.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because its primary function is to ingest and process untrusted third-party skill content. This exposure is inherent to the skill's purpose and is mitigated by clear instructions for human verification and a strict decision framework.
  • Ingestion points: The agent is instructed to read the SKILL.md and referenced files from external candidate directories (e.g., in the 'Audit Workflow' section of SKILL.md).
  • Boundary markers: The skill relies on human oversight and an 'Outcome Category' decision framework rather than automated execution of external instructions, though no technical delimiters are explicitly provided in the prompt logic.
  • Capability inventory: Capabilities include read-only file access and standard platform CLI operations including npx, uv, and wagents for auditing and validation purposes.
  • Sanitization: The provided scripts/audit_external_skill.py script performs read-only regex matching on content and specifically avoids executing or evaluating candidate code.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 01:50 AM