skills/getsentry/skills/skill-scanner/Gen Agent Trust Hub

skill-scanner

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill's reference file references/prompt-injection-patterns.md contains numerous examples of prompt injection techniques (e.g., 'ignore all previous instructions', 'DAN mode', 'developer mode'). These are documented solely to help the agent identify these threats in target skills being audited and do not represent an attempt to subvert the agent's own instructions.
  • [REMOTE_CODE_EXECUTION]: references/dangerous-code-patterns.md includes examples of reverse shells, netcat backdoors, and the use of eval() or exec() for running untrusted code. These snippets are presented as detection targets for the auditing workflow and are not intended for execution by the skill itself.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run its bundled Python analysis script scripts/scan_skill.py via the uv package manager. This is a legitimate and justified use of the tool for the skill's primary function of automated security scanning.
  • [DATA_EXFILTRATION]: Reference documentation includes examples of exfiltrating data via HTTP, DNS, and file-based methods to illustrate what the auditor should look for in malicious skills. No such behavior is present in the skill's operational code.
  • [EXTERNAL_DOWNLOADS]: The skill references the uv installation guide on astral.sh. This is a well-known service for Python development tooling and is considered a safe source for configuration and dependency management.
  • [SAFE]: The Python script scripts/scan_skill.py uses standard libraries and pyyaml's safe_load() function, following security best practices. All flagged static analysis patterns are part of the detection logic designed to find vulnerabilities in other code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 12, 2026, 06:32 AM