vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Security Auditing Principles (SAFE): The skill contains high-quality educational content regarding threat modeling, OWASP Top 10 (2025), and supply chain security. No malicious instructions, obfuscation, or hardcoded credentials were found in the provided files.
- Indirect Prompt Injection Surface (LOW): The skill is intended to analyze external codebases, which are untrusted data sources. This is an inherent risk for security tools, as malicious code could attempt to manipulate the scanner's output or logic.
  - Ingestion points: File analysis at `<project_path>` using the `Read`, `Glob`, and `Grep` tools.
  - Boundary markers: None are present in the provided markdown files to isolate scanned code from agent instructions.
  - Capability inventory: The skill has permission to use `Bash` and `python`, which are necessary for the referenced (though not provided) `security_scan.py` script.
  - Sanitization: No specific input sanitization or validation logic is documented in the reference files.
Audit Metadata