insecure-defaults

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate utility for performing security audits on local codebases. Its functionality is focused on pattern matching and reporting potential vulnerabilities.
  • [DATA_EXFILTRATION]: Hardcoded credentials and secrets found in references/examples.md (such as 'admin123', 'dev-secret-key-123', and 'sk_tes...') are used solely as examples of vulnerable code for the agent to identify. These are not active secrets and do not pose a risk of data exposure or exfiltration.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it is designed to read and analyze untrusted application source code.
      • Ingestion points: The skill reads files from the user's project directory using the Read, Grep, and Bash tools as defined in SKILL.md.
      • Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the analyzed code files.
      • Capability inventory: The skill uses Read, Glob, Bash, and Grep to interact with the file system and process content.
      • Sanitization: No sanitization of the analyzed code content is performed.
      • Context: This attack surface is inherent to the skill's primary purpose of code auditing and is considered acceptable within that context.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 09:07 PM