security-review

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard command-line utilities to perform its auditing functions. It executes git for diffing changes, find for file discovery, and dependency audit tools such as npm audit, pip-audit, govulncheck, and cargo audit. These commands are used as intended for security assessment and do not involve unsanitized user input or suspicious remote execution patterns.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and analyze untrusted source code from a repository. This surface is inherent to its primary function as a security scanner.
    • Ingestion points: The skill reads file content and commit history using git diff, git log, and find (defined in SKILL.md).
    • Boundary markers: The instructions do not explicitly specify the use of delimiters (e.g., XML tags or triple backticks) to isolate the code being analyzed from the agent's internal instructions.
    • Capability inventory: The agent can execute shell commands, read the file system, and post comments to pull requests based on its analysis of the code.
    • Sanitization: There is no explicit mention of sanitizing or escaping the content of the source code before it is processed by the underlying model.
  • [EXTERNAL_DOWNLOADS]: The skill references standard package managers and security auditing tools to check for known vulnerabilities. These references target well-known package registries and established security tools, which is safe and expected behavior for a security review assistant.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 09:39 AM
Security Audit — agent-trust-hub — security-review