secret-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands for auditing codebases, including git diff for change analysis, grep for pattern matching, and find for file discovery in references/scope_commands.md. These are standard tools for the stated purpose of secret scanning.
  • [EXTERNAL_DOWNLOADS]: The references/programmatic_scanning.md file contains instructions for installing and running third-party security utilities, specifically Gitleaks and TruffleHog, via Homebrew and Docker. These references point to well-known, reputable security projects and official container images.
  • [PROMPT_INJECTION]: As a tool designed to process and analyze untrusted data (code and git diffs), the skill is subject to indirect prompt injection risks. Malicious instructions could be placed within code comments or data files being scanned. The skill lacks specific boundary markers or sanitization instructions for handling such untrusted input, though this is a common characteristic of scanning utilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 04:31 AM