owasp-audit

Pass

Audited by Gen Agent Trust Hub on May 27, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [SAFE]: The skill is a defensive tool designed for security reviews. It provides a systematic methodology for auditing code against the OWASP Top 10 framework.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform standard security tasks such as dependency auditing (npm audit, pip audit), which is expected for its stated purpose.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. 1. Ingestion points: Untrusted source code files are accessed using Read, Grep, and Glob tools in SKILL.md. 2. Boundary markers: Absent; while the instructions tell the agent to stay in scope, no specific delimiters are defined for the code contents. 3. Capability inventory: The skill has access to Bash and Write tools. 4. Sanitization: Absent; no explicit sanitization of code content is performed. Risk is mitigated by the tool's specific defensive instructions to provide fixes rather than exploits.
  • [CREDENTIALS_UNSAFE]: The skill systematically searches for hardcoded credentials, secrets, and private keys within the codebase to identify security failures (OWASP A02). This is a core part of its defensive auditing purpose and is performed to report risks to the user for remediation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 27, 2026, 11:24 AM
Security Audit — agent-trust-hub — owasp-audit