content-security-scan

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation in SKILL.md contains lists of prompt injection patterns such as "ignore previous instructions", "you are now", and "DAN" as part of its scanning logic description. These are identified as potential override attempts.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool and Node.js fs module within its scripts (main.cjs, pre-execute.cjs, post-execute.cjs) to perform content scanning and log audit records to the local filesystem.
  • [DATA_EXFILTRATION]: Analysis of the scripts indicates that logs and metrics are written to local files (external-fetch-audit.jsonl and scan-metrics.jsonl). No unauthorized network transmission or exfiltration of sensitive files was detected.
  • [INDIRECT_PROMPT_INJECTION]: As the skill is designed to ingest and scan untrusted markdown and text from external sources, it inherently possesses a surface for indirect prompt injection. While the skill implements multi-step detection logic to mitigate this risk, the processing of external content remains a security boundary that requires monitoring.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 2, 2026, 09:13 AM
Security Audit — agent-trust-hub — content-security-scan