The Agent Skills Directory

[SAFE]: The skill provides a standard security audit workflow that leverages well-known industry tools.
Evidence: SKILL.md recommends using npm audit, pip audit, cargo audit, trivy, and snyk to identify vulnerabilities.
[SAFE]: External tool installations and references target official and trusted repositories or well-known package registries.
Evidence: references/security-tools.md provides commands for installing reputable tools like snyk, pip-audit, bandit, and safety.
Evidence: References to Go security tools govulncheck and gosec point to official Go and community-trusted GitHub organizations.
[SAFE]: No malicious prompt injection or behavior override patterns were detected; the instructions focus on auditing user-provided code for safety.
[SAFE]: Hardcoded credential patterns found in the reference files are generic placeholders used for educational demonstration of 'BAD' coding practices.
[SAFE]: The skill does not perform any unauthorized data exfiltration or network operations; network usage is limited to standard vulnerability scanning tasks using reputable tools.

code-security