The Agent Skills Directory

[PROMPT_INJECTION]: The skill does not contain instructions to override safety filters, disregard previous rules, or bypass system constraints. It defines a structured role for a security specialist.
[CREDENTIALS_UNSAFE]: No hardcoded secrets were found. The skill includes an explicit 'Environment & Secrets' section that warns against committing .env files and hardcoding keys, providing examples of secure management via environment variables.
[EXTERNAL_DOWNLOADS]: Mentions well-known and standard security libraries such as bcryptjs, isomorphic-dompurify, zod, and jose. It also recommends using standard tools like npm audit for dependency checking.
[COMMAND_EXECUTION]: Provides guidance on preventing command injection by recommending the use of execFile with argument arrays instead of shell strings.
[DATA_EXFILTRATION]: No network exfiltration or unauthorized file access patterns were identified. The network examples (e.g., rate limiting) use standard placeholders like api.example.com.

security-auditor