php-file-read-audit

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill defines a legitimate security auditing workflow. It instructs the agent to analyze PHP projects for vulnerabilities involving file system operations and code inclusion. The use of structured templates and evidence requirements suggests a developer-focused tool rather than a malicious script.
  • [PROMPT_INJECTION]: The skill presents an inherent indirect prompt injection surface because its primary function is to process and analyze external, untrusted PHP source code.
      (1) Ingestion points: PHP project source code and trace data from external tools.
      (2) Boundary markers: The skill does not define specific delimiters or warnings to ignore instructions embedded within the analyzed source code.
      (3) Capability inventory: The skill has the ability to write audit reports to the local file system.
      (4) Sanitization: The skill does not specify any sanitization or filtering of the source code before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 02:34 AM