The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to execute various system commands, including npm audit for dependency checks, grep for identifying hardcoded secrets, and git log for analyzing historical commits. These operations are aligned with the skill's primary purpose of security auditing.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and interpreting untrusted data from a codebase.
Ingestion points: The agent reads project source files, configuration files (e.g., package.json, go.mod), and environment files (.env) using the Read, Glob, and Grep tools.
Boundary markers: The instructions do not define specific delimiters or instructions to prevent the agent from following malicious commands that might be embedded in the code comments or documentation it scans.
Capability inventory: The skill has access to Bash for shell command execution and spawn_agents_on_csv to trigger additional automated agent tasks, which could be exploited if an injection is successful.
Sanitization: There is no evidence of sanitization or escaping of the content retrieved from project files before it is processed by the agent or passed to sub-agents.

security-audit