security-audit-mode
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary function is educational and analytical, focusing on defensive security practices and code auditing.
- [CREDENTIALS_UNSAFE]: The skill contains a hardcoded API key pattern (sk_live_abc123) in a code snippet; however, this is explicitly presented as a negative example in documentation ('NEVER DO THIS') and uses a dummy value, posing no security risk.
- [PROMPT_INJECTION]: The skill uses a 'Security Audit Mode' persona, which is strictly defined for vulnerability identification and adheres to safety guidelines. It does not contain instructions to override system prompts or bypass restrictions.
- [INDIRECT_PROMPT_INJECTION]: The skill has an ingestion surface for untrusted data as it is designed to review user-provided code.
- Ingestion points: Processes code blocks provided by users during security assessments (SKILL.md).
- Boundary markers: Relies on standard Markdown code blocks for separation; no additional security boundaries for parsed data are explicitly defined.
- Capability inventory: No subprocess calls, dynamic code execution (eval/exec), file-system writes, or network operations are present in the skill.
- Sanitization: The skill instructions direct the agent to recommend input validation and output encoding to users, though it does not implement its own input sanitization logic as it is a text-based analytical tool.
Audit Metadata