security-audit

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script utilizes child_process.execSync to run local system commands such as ss, netstat, and git. These are used appropriately to identify open network ports and check for security-related keywords in the repository history as part of the audit process.
  • [SAFE]: The skill's primary function involves reading sensitive files like .env and scanning directories for private keys. This behavior is fully documented and consistent with the skill's purpose as a security auditor. The findings are reported back to the console or a local JSON file and are not transmitted to any external servers.
  • [SAFE]: The --fix functionality correctly implements restrictive file permissions and secures the environment by creating a .gitignore file, demonstrating adherence to security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 07:00 AM