security-audit

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes mock credentials like sk_live_abc123 in a 'FORBIDDEN' section to demonstrate unsafe coding practices. These are non-functional examples and do not represent actual sensitive data leakage. It also includes search patterns for secrets (e.g., sk_, pk_), which is standard behavior for a security auditing tool.
  • [EXTERNAL_DOWNLOADS]: The skill references the official OWASP Top 10 website (owasp.org), which is a trusted global standard for web application security. This reference is used for documentation purposes and does not involve automated downloads or execution of remote code.
  • [COMMAND_EXECUTION]: The skill utilizes common CLI tools such as grep, npm audit, and pip audit for scanning project files and dependencies. These commands are restricted to local analysis within the project scope and follow best practices for security auditing.
  • [DATA_EXFILTRATION]: The skill processes project source code to identify vulnerabilities.
    • Ingestion points: Reads local TypeScript and Python files via grep and directory traversal.
    • Boundary markers: None explicitly defined in the instructions; however, the skill operates as a read-only auditor within the local environment.
    • Capability inventory: Uses grep for pattern matching, wc -l for counting, and npm/pip audit for dependency checks. It does not perform network writes or outside-of-context execution.
    • Sanitization: Not applicable, as the skill performs static analysis using grep patterns and predefined security checklists.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 19, 2026, 08:34 PM