The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted external source code, creating a surface for indirect prompt injection. \n * Ingestion points: The agent reads all source and configuration files in the target project (SKILL.md, Step 2).\n * Boundary markers: None are defined to separate untrusted code from the agent's instructions.\n * Capability inventory: The skill instructs the agent to read files and run standard audit tools (depguard, npm/yarn/pnpm audit), but explicitly forbids executing the application code itself (SKILL.md, 'IMPORTANT' section).\n * Sanitization: No explicit sanitization or filtering of the processed content is mentioned.\n- [EXTERNAL_DOWNLOADS]: The skill references the 'depguard' tool and provides a link to its documentation on GitHub (github.com/mopanc/depguard). This is a legitimate security tool reference and follows standard vetting procedures.\n- [SAFE]: The instructions are designed to prevent accidental execution of malicious code, advising the agent to perform static analysis and use dedicated security tools rather than running the audited project's scripts.

js-malware-audit