php-exploit-chain-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a reporting tool that reads from and writes to the local file system using standard project paths. It does not request or use capabilities such as network access, shell execution, or dynamic code evaluation.
- [SAFE]: There are no hardcoded credentials, API keys, or sensitive file paths targeted for exfiltration. The skill focuses on audit artifacts (vuln_audit/ and auth_audit/ reports).
- [SAFE]: The skill exhibits an indirect prompt injection surface by processing external markdown reports, but the risk is assessed as safe due to the lack of exploitable capabilities.
  - Ingestion points: Reads vulnerability reports from vuln_audit/*_{timestamp}.md and auth_audit/auth_audit_report_{timestamp}.md (referenced in SKILL.md).
  - Boundary markers: Absent; the skill does not define specific delimiters to wrap untrusted audit content when generating the final report.
  - Capability inventory: Only file-write operations to the {output_path} directory are specified. There are no subprocess calls, network requests, or evaluation tools enabled.
  - Sanitization: No content filtering or validation of the input audit reports is implemented before aggregation into the output template.
Audit Metadata