ln-625-dependencies-auditor

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to perform security and dependency audits on codebases. It identifies risks such as CVE vulnerabilities, outdated packages, and redundant code implementations.
  • [COMMAND_EXECUTION]: The skill invokes standard package management and security auditing tools (e.g., npm audit, pip-audit, cargo audit, govulncheck). These executions are restricted to well-known auditing commands as defined in the references/vulnerability_commands.md file and are essential for its stated purpose.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill reads local package manifests and runs local/registry-based audits, which is standard behavior for dependency scanners.
  • [PROMPT_INJECTION]: The skill uses structured boundary markers (such as AUDIT-META tags) and explicit contract instructions to separate data from instructions, reducing the risk that instructions embedded in analyzed code are accidentally obeyed.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns or downloads from untrusted sources were detected. References to external databases (like OSV or PyUp.io) are used for vulnerability lookups via official auditing tools.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:47 AM