llm-top-10

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: Static detectors flagged instructions related to ignoring rules or extracting system prompts. Analysis confirms these are false positives; the phrases 'ignore your previous instructions' and 'repeat your system prompt' are used as examples of attack vectors for the agent to identify and flag in target code, rather than instructions for the agent to follow itself. Section 8 (Prompt Injection Safety Notice) explicitly instructs the agent to ignore any such patterns found in the content under review.
  • [EXTERNAL_DOWNLOADS]: The skill contains multiple references to the OWASP GenAI Project and related documentation. These are informational links for the user/agent and do not involve the downloading or execution of code.
  • [COMMAND_EXECUTION]: The skill utilizes standard tools (Read, Grep, Glob) to scan files. It includes instructions to search for dangerous code patterns (like eval() or os.system()) in the target codebase, but does not execute these commands itself.
  • [DATA_EXFILTRATION]: No network exfiltration patterns or unauthorized data access detected. The skill focuses on reading files specified in the arguments for the purpose of a security audit.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external untrusted data (source code). It includes specific boundary instructions in Section 8 to mitigate the risk of the agent being manipulated by malicious instructions found within the code it is auditing. The limited toolset (Read/Grep) further reduces the risk of successful exploitation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 02:07 AM
Security Audit — agent-trust-hub — llm-top-10