The Agent Skills Directory

[SAFE]: No malicious patterns detected. The skill performs standard static analysis for security auditing purposes using industry-standard checklists and tools.
[PROMPT_INJECTION]: The skill operates on untrusted external source code, creating a surface for indirect prompt injection. Attackers could attempt to influence the agent's behavior by placing instructions in code comments or data strings within the files being audited. Ingestion points: API source code files and OpenAPI specifications read during scanning. Boundary markers: No explicit delimiters or instructions to ignore embedded content are provided. Capability inventory: Access to Write, Edit, and scoped Bash tools. Sanitization: No evidence of input validation or content filtering for the code being analyzed.

scanning-api-security