The Agent Skills Directory

[SAFE]: The skill operates as a knowledge-based auditing tool. It provides structured guidance for analyzing codebases without introducing executable code, network operations, or privileged access.
[PROMPT_INJECTION]: The 'Overrides' section in the instructions directs the agent to respect project-specific security exceptions when requested by the user. This is a legitimate operational instruction for a security reviewer and does not constitute a bypass of the agent's core safety guidelines or system instructions.
[DATA_EXFILTRATION]: No patterns of data exfiltration or sensitive information harvesting were found. The skill does not utilize network-enabled tools or attempt to access credentials outside of standard project audit scopes.
[REMOTE_CODE_EXECUTION]: There is no evidence of remote script execution, untrusted package installation, or dynamic code generation. The skill relies entirely on static analysis and reference documentation.
[INDIRECT_PROMPT_INJECTION]: As a security auditor, the skill possesses an attack surface for indirect prompt injection because it ingests untrusted code from user repositories. However, because the skill lacks the ability to execute code or make outbound network requests, the risk associated with this surface is negligible.

security-best-practices