security-best-practices

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a documentation and planning-oriented tool that teaches an agent how to categorize security risks (Perimeter, Session, Abuse, Validation, Secrets) and generate hardening briefs. It does not perform any automated system modifications or remote network operations.
  • [CREDENTIALS_UNSAFE]: The skill explicitly advises on secret hygiene, recommending that secrets never be committed to source control or surfaced in logs/errors. It promotes safe secret management practices rather than exposing credentials.
  • [COMMAND_EXECUTION]: Although the skill is granted access to the Bash tool in its frontmatter, the instructions are strictly focused on analysis and reporting. There are no instructions or templates that encourage the execution of arbitrary or dangerous shell commands.
  • [PROMPT_INJECTION]: The content was analyzed for override markers, role-play injections, and system prompt extraction patterns; no such malicious instructions were detected. The skill maintains its intended instructional role.
  • [EXTERNAL_DOWNLOADS]: All external references provided (OWASP, MDN, Helmet.js, ZAP) are to well-known, trusted security resources and documentation sites. No remote scripts or binary downloads are initiated.
  • [DATA_EXFILTRATION]: No network operations or commands to read sensitive files (like SSH keys or AWS credentials) are present. The skill operates within the context of the user's project descriptions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 02:13 AM