threat-modeling

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is composed exclusively of instructional markdown files (SKILL.md, csharp-dotnet.md, threat-actor-profiles.md) designed to guide an agent through a security analysis workflow. It does not include executable code, external scripts, or network exfiltration patterns.
  • [PROMPT_INJECTION]: A static detector flagged the use of the phrase "ignore previous instructions" within the security guidelines section. Analysis confirms this is a defensive instruction (Section 8: Prompt Injection Safety Notice) intended to protect the agent from indirect injection attacks within processed data, rather than a malicious attempt to override system instructions. This is a false positive and represents a safe practice.
  • [DATA_EXFILTRATION]: The skill explicitly instructs the agent to redact or generically reference sensitive information such as credentials or API keys discovered during the modeling process. It defines the use of local tools (Read, Grep, Glob) for internal file analysis without any instructions for external data transmission.
  • [SAFE]: The skill uses the allowed-tools configuration to limit the agent's environment to basic file-reading capabilities, following the principle of least privilege for the intended task of document and codebase review.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 02:07 AM
Security Audit — agent-trust-hub — threat-modeling