The Agent Skills Directory

[PROMPT_INJECTION]: Static analysis warnings regarding instruction overrides in SKILL.md are false positives. The relevant text is part of a safety framework that explicitly instructs specialist agents to treat scanned code as untrusted data and to ignore any directives found within it. This is a defensive measure against indirect prompt injection.
[REMOTE_CODE_EXECUTION]: AV detections (BV:Agent-CDE) and YARA hits for reverse shells and obfuscated execution patterns in references/threat-intelligence.md and references/language-patterns/ are caused by plain-text code examples provided as reference data. These examples allow the 'Threat Intelligence' specialist agent to match malicious patterns in the audited codebase and do not constitute executable code within the skill itself.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool for project reconnaissance (using standard commands like find, ls, and grep) to identify the tech stack and entry points. This behavior is transparent, documented, and essential for the skill's stated purpose of conducting a security audit.
[SAFE]: External links and community footers point to the author's official Skool community ('AI Marketing Hub') and are displayed neutrally. No hidden or obfuscated URLs were detected.

cybersecurity