ln-642-layer-boundary-auditor
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified during the analysis of the skill instructions or reference files.
- [PROMPT_INJECTION]: The skill uses standard instructional language for its auditing tasks. It does not contain any patterns attempting to override agent behavior, bypass safety filters, or extract system prompts.
- [DATA_EXFILTRATION]: The skill's operations are limited to reading local source code for analysis and writing markdown reports to a designated local output directory. No hardcoded credentials or unauthorized network operations were found.
- [OBFUSCATION]: The content is provided in clear text with no evidence of Base64 encoding, zero-width characters, homoglyphs, or other techniques used to hide malicious intent.
- [COMMAND_EXECUTION]: Although the skill frontmatter includes Bash in the allowed-tools list, the instructions focus on using it as a fallback for standard searching (Grep/Glob) or running legitimate auditing tools. No arbitrary or high-risk command execution sequences are specified.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute code from external or untrusted sources. All dependencies and references are local to the skill's directory or the platform's standard MCP tools.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests source code from the target repository, creating a potential surface for indirect prompt injection. However, the analysis workflow is highly structured, and the ingested content is analyzed as data rather than being executed, which significantly mitigates the risk.
Audit Metadata