game-review

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted local data including source code (src/) and documentation (docs/). While this creates a surface for indirect prompt injection where malicious comments in code could attempt to influence the audit report's findings, the skill's lack of write permissions or network capabilities effectively mitigates any significant risk.
  • [DATA_EXPOSURE]: The skill performs read operations on local project files to identify security risks such as hardcoded credentials or sensitive Stripe keys in client-side code. This data access is restricted to the current project scope and is necessary for the skill's primary function as a security auditor.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 12:31 AM