source-code-scanning

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a documentation-focused utility that provides instructions for security auditing. Findings related to dangerous code patterns (such as eval or exec) in reference/language-patterns.md and reference/malicious-code.md are false positives; these files contain reference examples for the agent to identify during its scanning process.
  • [SAFE]: All external tools and dependencies recommended (e.g., Semgrep, Bandit, TruffleHog, Snyk, Gitleaks) are reputable, well-known security utilities from trusted software ecosystems and organizations.
  • [SAFE]: The skill includes security best practices, such as warnings against executing untrusted code and instructions for rotating compromised secrets.
  • [SAFE]: The potential for indirect prompt injection via the processing of untrusted source code is an inherent aspect of the skill's primary function (security auditing) and is addressed through a structured, tool-based analysis workflow rather than blind execution of input.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:30 PM
Security Audit — agent-trust-hub — source-code-scanning