sota-code-security

Status: Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is composed entirely of Markdown documentation files that establish a 2026 security baseline for building and auditing software. It does not contain any executable scripts (.py, .js, .sh), configuration for tool execution, or automated hooks.
  • [SAFE]: Static analysis triggers for prompt injection are false positives. The text in 'rules/08-llm-ai-security.md' describes 'ignore previous instructions' as an example of a direct injection attack for the purpose of educating the AI on how to detect and mitigate such threats in external applications.
  • [SAFE]: No hardcoded credentials, sensitive file access, or unauthorized network operations are present. All code snippets provided in the 'rules/' directory are identified as 'BAD' or 'GOOD' examples for educational and illustrative purposes.
  • [SAFE]: The skill follows established security standards (OWASP, CWE, NIST) and encourages best practices such as least-privilege, human-in-the-loop authorization, and defense-in-depth.
  • [SAFE]: No obfuscation, persistence mechanisms, or privilege escalation patterns were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 02:06 PM