security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to automate the creation of security issues and the management of project items (Steps 9 and 10). It also employs a python3 one-liner to parse JSON output from the CLI. These tools are used for their intended administrative purposes.
- [PROMPT_INJECTION]: The skill analyzes external codebases, which represents an indirect prompt injection surface.
  1. Ingestion points: Codebase directories or files identified in the audit scope (SKILL.md Step 1).
  2. Boundary markers: The workflow relies on agent persona definitions (Agents directory) and specific audit step instructions.
  3. Capability inventory: Internal security scanning skills, Architecture Council agent reviews, and GitHub CLI interactions.
  4. Sanitization: Audit findings are reviewed by a Security Engineer lead and summarized in a structured report before any tracking issues are generated.
- [SAFE]: The skill reinforces security best practices by guiding users through OWASP and STRIDE analysis. It maintains a clear scope on application-level security and provides specific remediation guidance for identified vulnerabilities.
Audit Metadata