audit-skills

The audit-skills agent serves as a comprehensive security assessment framework for AI skill developers and platform administrators. It provides an automated, rigorous evaluation of skill components, including SKILL.md files, associated scripts (Python, Bash, JS), and documentation. Designed for developers prioritizing robust AI safety, this tool assists in verifying that skills adhere to the principles of least privilege, defense-in-depth, and fail-secure execution. By performing discovery, content analysis, and code reviews, it identifies critical vulnerabilities before a skill is deployed or certified for production use. Whether you are validating a new project or hardening an existing one against adversarial inputs, this agent provides actionable remediation guidance.

• Automatically detects prompt-injection patterns, including role hijacking, instruction overrides, and jailbreak attempts (e.g., DAN-style framing).

• Scans for hidden instructions within HTML comments, zero-width characters, or non-printable Unicode sequences that might manipulate model behavior.

• Performs static analysis of script files to detect dangerous functions such as eval(), exec(), and insecure subprocess calls that lead to command injection.

• Maps data flow and analyzes external resource requests to mitigate data exfiltration vectors and unauthorized API access.

• Validates dependency integrity, flagging unpinned versions, typosquats, or insecure installation commands like pipe-to-shell patterns.

• Checks file system access patterns to prevent path traversal and arbitrary file reading/modification.

• Trigger the skill by providing a path to a skill directory or uploading a SKILL.md file for immediate vulnerability scanning.

• Supports both manual and automated workflows, with specific CI-ready scripts available for repository integration.

• Outputs a professional, structured security report following a standardized checklist, making it ideal for compliance auditing and skill approval workflows.

• Constraints: The skill operates best when provided with the complete skill directory; static analysis may require human oversight to distinguish between benign system prompts and actual malicious payloads.

• Designed specifically for the AI skill ecosystem, ensuring compatibility with standard skill layouts and documentation formats.