security-scan

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE | Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides comprehensive and actionable security review patterns that align with industry standards like the OWASP Top 10, focusing on defensive implementation and risk mitigation.
  • [COMMAND_EXECUTION]: The instructions suggest using the standard .NET CLI command dotnet list package --vulnerable to identify insecure dependencies within the target project.
  • [PROMPT_INJECTION]: The skill operates on untrusted external data (application source code and configuration files), which constitutes an indirect prompt injection surface. However, this is inherent to the tool's primary purpose as a security scanner.
  • Ingestion points: Reads and processes various project files including .cs, .json, .yml, .yaml, .xml, and .config (SKILL.md).
  • Boundary markers: The instructions do not define specific delimiters or boundary markers to prevent the agent from obeying instructions embedded in the scanned files.
  • Capability inventory: The skill uses MCP find_references to analyze the code structure and configuration (SKILL.md).
  • Sanitization: There are no explicit sanitization or filtering steps mentioned for the content retrieved from the files during the analysis phase.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 05:20 AM
Security Audit — agent-trust-hub — security-scan