arch-security-review

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill contains no malicious patterns, obfuscation, or unauthorized data exfiltration instructions. It promotes secure coding practices by providing templates for authorization, cryptographic safety, and input validation.
  • [COMMAND_EXECUTION]: The workflow incorporates standard security scanning and auditing commands, including dotnet list package --vulnerable and grep for secret discovery. It also references a local graph analysis script python .claude/scripts/code_graph. These operations are well-defined within the context of performing a local security audit.
  • [PROMPT_INJECTION]: The skill uses strong instructional language (e.g., 'MANDATORY IMPORTANT MUST ATTENTION') to enforce its multi-round review and evidence-based protocols. These are benign and intended to ensure the quality of the security audit rather than bypass agent safety filters.
  • [SAFE]: The skill addresses Indirect Prompt Injection risks by establishing a rigid verification framework. While it processes untrusted source code, it requires citing specific file lines and performing multi-agent cross-reviews to mitigate bias or manipulation from the content being reviewed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 09:18 AM