audit-security

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git and ripgrep commands to perform analysis of the repository's source code and version history. These are local, read-only operations consistent with the skill's purpose as an auditor.
  • [DATA_EXPOSURE]: The skill searches for sensitive files (e.g., .env, .pem, id_rsa) and strings (e.g., API keys, private key headers) to identify security risks within the project. It does not contain any network operations or mechanisms to exfiltrate this data.
  • [PROMPT_INJECTION]: The skill is designed to ingest and report on untrusted repository code. It mitigates potential risks through a defined triage process where findings are quoted as data for review, rather than executed or interpreted as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 06:35 PM