sparkfinderoven-claude-security-compliance-suite

Warn

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to clone the project repository from an external source (https://github.com/sparkfinderoven/r01-hesreallyhim-awesome-claude-code-security.git) during installation.
  • [COMMAND_EXECUTION]: The incident response playbooks within the skill include high-impact system commands such as iptables for network isolation, dd for forensic disk imaging, and AWS CLI operations (aws ec2 modify-instance-attribute) for infrastructure modification.
  • [DATA_EXFILTRATION]: The skill requests the configuration of sensitive environment variables, including GITHUB_TOKEN, AWS_PROFILE, SMTP_PASSWORD, and NVD_API_KEY. It also defines integrations for outbound communication via Slack webhooks and SMTP, which could be exploited for data exfiltration if the agent is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its design:
      ◦ Ingestion points: Processes untrusted codebase files, dependency manifests, architecture diagrams, and security logs as part of its scanning and auditing functions.
      ◦ Boundary markers: The instructions lack explicit delimiters or warnings to prevent the agent from following instructions embedded within the data being scanned.
      ◦ Capability inventory: The skill possesses extensive capabilities, including file system read/write access, shell command execution (including privileged system commands), and network access.
      ◦ Sanitization: No sanitization or validation logic is provided to filter malicious instructions from the untrusted data before it is analyzed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 29, 2026, 05:16 PM
Security Audit — agent-trust-hub — sparkfinderoven-claude-security-compliance-suite