security-reviewer

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute various security scanners and penetration testing tools, including semgrep, nmap, sqlmap, and gitleaks. This behavior is consistent with the skill's stated purpose of conducting security reviews and is supported by explicit constraints such as verifying scope and authorization before active testing.
  • [EXTERNAL_DOWNLOADS]: The instructions include steps to install security utilities using package managers like npm, pip, and brew. It references well-known and reputable tools such as semgrep, bandit, trivy, and snyk. These downloads are from established official registries and repositories.
  • [PROMPT_INJECTION]: As a security auditing tool, the skill is susceptible to indirect prompt injection because it processes untrusted code and data.
      ◦ Ingestion points: Source code files and data processed through the Read, Grep, and Glob tools for auditing (e.g., in the core workflow described in SKILL.md).
      ◦ Boundary markers: The skill does not explicitly define delimiters or instructions to ignore embedded commands within the analyzed code in its reference materials.
      ◦ Capability inventory: The skill possesses powerful capabilities including shell command execution via Bash and file system access via Read, Glob, and Grep across the workspace.
      ◦ Sanitization: There are no specific instructions for sanitizing or escaping the content of the files being reviewed before they are processed by the agent, which could allow maliciously crafted code to influence the agent's output.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:53 PM