The Agent Skills Directory

[SAFE]: The skill serves a clear, legitimate security auditing purpose. It provides comprehensive documentation on PCI-DSS requirements and mapping to common code vulnerabilities.
[SAFE]: Hardcoded credential strings found in the text (e.g., 'msk_prod_xyzzy987') are explicitly part of 'UNSAFE' code examples used for teaching the agent how to identify vulnerabilities, rather than actual sensitive secrets belonging to the author or environment.
[INDIRECT_PROMPT_INJECTION]: The skill has a defined attack surface for indirect prompt injection because it is designed to ingest and process untrusted external data (the user's source code).
Ingestion points: The skill reads project source files across multiple languages (JS, Python, Java, Go, C#) using file inspection and keyword searches.
Boundary markers: No explicit boundary markers or 'ignore' instructions for the processed content are specified in the workflow.
Capability inventory: The skill performs read operations and generates analysis reports; it does not demonstrate capabilities for network exfiltration or shell execution beyond code inspection.
Sanitization: There is no explicit sanitization of the ingested code content before it is processed by the agent's logic.

pci-dss-audit