The Agent Skills Directory

[SAFE]: No malicious behavior detected. The skill performs its stated function of code auditing through local scripts and trusted external APIs.- [PROMPT_INJECTION]: Evaluated for indirect prompt injection risks as the skill processes untrusted source code and interpolates it into LLM prompts in scripts/analyze.sh. The risk is mitigated by the following factors: �- Ingestion points: scripts/analyze.sh (reads target file content). �- Boundary markers: Employs markdown code fences (```) around interpolated content. �- Capability inventory: The skill executes shell scripts (bash) and network requests (curl) but does not execute LLM-generated content. �- Sanitization: Prompt content is JSON-escaped using Python before transmission to APIs.- [DATA_EXFILTRATION]: The skill transmits source code to Anthropic and OpenAI APIs for analysis. This is documented behavior essential to the skill's purpose and targets well-known service providers via secure HTTPS channels.- [COMMAND_EXECUTION]: Uses local bash and python scripts to automate the audit process. No evidence of unsafe command construction from user-supplied input was found; paths and variables are appropriately quoted.

vibe-check