The Agent Skills Directory

Structured Security Methodology: The skill implements a professional security audit pipeline. It uses distinct phases to map application architecture, hunt for specific attack classes (such as injection and business logic errors), and perform independent verification of findings to ensure accuracy.
Local File System Operations: The skill reads the target codebase and writes its analysis results, including human-readable reports and structured JSON findings, to a local output directory. This behavior is consistent with the intended function of a security reporting tool.
Specialized Agent Delegation: It utilizes the platform's sub-agent capabilities to run focused tasks in parallel. This approach separates the discovery of vulnerabilities from their validation, which is a standard security best practice for reducing false positives.
Local Script Execution: A Node.js script (validate-findings.cjs) is included to perform structural validation of the generated reports against a predefined JSON schema. This script is zero-dependency and runs locally to ensure data integrity.
Vulnerability Surface Analysis: The skill is designed to analyze untrusted source code, which inherently involves processing data that could contain malicious instructions (Indirect Prompt Injection). However, the skill incorporates multiple validation layers and independent verification phases to mitigate the risk of the agent being misled by the code it is auditing.

security-audit