security-compliance-skills-suite-claude

Fail

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to download the full skill codebase from an untrusted third-party GitHub repository (sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git) which is not associated with the stated author or recognized trusted sources.
  • [CREDENTIALS_UNSAFE]: The documentation explicitly instructs users to export highly sensitive environment variables (such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and various Cloud Project IDs) into the agent's environment to facilitate IAM auditing, exposing them to the skill's scripts.
  • [COMMAND_EXECUTION]: The skill facilitates automated infrastructure management by executing shell commands that can modify cloud resources, such as creating snapshots (aws ec2 create-snapshot) and modifying database visibility (aws rds modify-db-instance).
  • [DATA_EXFILTRATION]: The suite is designed to send audit findings and incident reports to external endpoints via configured Slack webhooks (SLACK_WEBHOOK_URL), which could be leveraged to exfiltrate sensitive data gathered from the user's environment or codebase.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and processing untrusted codebases for security scanning. Evidence chain:
    1. Ingestion points: Target file paths and directories provided to commands like /owasp-scan and /gdpr-audit.
    2. Boundary markers: Absent; there are no instructions for the agent to ignore potentially malicious embedded instructions in the scanned files.
    3. Capability inventory: Includes file system access, cloud CLI execution, and network transmission capabilities.
    4. Sanitization: Absent; the skill does not specify any validation or filtering mechanisms for the data it processes.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 29, 2026, 05:16 PM
Security Audit — agent-trust-hub — security-compliance-skills-suite-claude