analyzing-security
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a dedicated security utility designed to perform static analysis on source code to identify potential vulnerabilities.
- [SAFE]: The scanner is designed to detect hardcoded secrets (e.g., AWS keys, passwords, private keys) in codebases. While this involves displaying sensitive findings to the agent, it is the primary purpose of the tool and is performed locally without external transmission.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it reads untrusted source code and presents it to the agent for analysis. Malicious instructions hidden in comments or strings within scanned files could potentially influence the agent's behavior.
- Ingestion points: scripts/security_scanner.js reads file contents via fs.readFileSync based on a path provided in $ARGUMENTS.
- Boundary markers: Scanned code snippets are included in the analysis report without specific delimiters or isolation to prevent the agent from interpreting embedded instructions.
- Capability inventory: The skill allows access to the Bash, Read, and Grep tools.
- Sanitization: The tool performs no sanitization or instruction-filtering on the ingested source code; it matches regex patterns directly on the raw file content.
Audit Metadata