security-audit
Fail
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill consists of instructions and reference documentation for security auditing. No executable scripts, obfuscated content, or exfiltration vectors were detected in the skill's logic or assets.
- [COMMAND_EXECUTION]: Static analysis alerts for 'eval' and 'exec' in references/language-footguns/python.md are confirmed as false positives; these keywords appear exclusively within documentation explaining how to identify such vulnerabilities in audited code.
- [DATA_EXFILTRATION]: The AV alert for references/source-sink-mapping.md is a false positive. The file contains a list of HTTP request attributes (e.g., 'req.body', 'req.query') used as examples of untrusted input sources, which triggered heuristic detection for HTTP-based exfiltration.
- [PROMPT_INJECTION]: The skill involves processing untrusted codebases, which represents an attack surface for indirect prompt injection where audited files might attempt to manipulate the auditor. Evidence Chain: (1) Ingestion points: target repository source files (Phases 1, 5). (2) Boundary markers: Absent; no instructions are provided to wrap audited content. (3) Capability inventory: The host agent typically possesses file-system and network capabilities. (4) Sanitization: Absent; relies on LLM context. This risk is mitigated by the skill's explicit 'pentester mindset' instruction (Mindset section) and its systematic dataflow tracing requirements (Phase 5).
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata