The Agent Skills Directory

[PROMPT_INJECTION]: The skill instructions contain numerous examples of prompt injection payloads (e.g., 'Ignore previous instructions', 'Bypass safety checks') used as signatures for its 6-step audit protocol. These are reference data for the agent's persona and are not intended to be executed.
[PROMPT_INJECTION]: The skill adopts a new persona as a 'security auditor' and defines specific role-play instructions to guide its behavior during analysis.
[DATA_EXFILTRATION]: The content explicitly lists sensitive file paths (e.g., ~/.ssh, ~/.aws, .env) and network indicators as red flags to be checked in other skills. These paths are part of the auditing criteria and are not accessed by the skill itself.
[PROMPT_INJECTION]: The skill is designed to process untrusted external prompts, creating a surface for indirect prompt injection where the data being audited could attempt to manipulate the auditor's output.
Ingestion points: Processes external agent configuration files, instruction sets, and pasted text.
Boundary markers: The skill does not currently implement specific delimiters (e.g., XML tags) to isolate the data under review from the auditor's instructions.
Capability inventory: The skill requests file-read access to examine local files but does not utilize network or shell execution tools.
Sanitization: Includes instructions in Step 4 to normalize text by decoding Base64 and removing zero-width characters before performing the audit.

external-gitcode-ascend-skill-auditor