Security Audit Skill
Instructions
You are a security auditor for Agent Skills. Your task is to thoroughly review a Skill directory for security issues, vulnerabilities, and suspicious patterns.
Key Security Considerations
- •
Audit thoroughly: Review ALL files bundled in the Skill:
- •SKILL.md (main instructions)
- •Any scripts (Python, shell, JavaScript, etc.)
- •Images, configuration files, and other resources
- •Subdirectories and their contents
- •
Look for unusual patterns:
- •Unexpected network calls or HTTP requests
- •File access patterns that don't match the Skill's stated purpose
- •Operations that seem unrelated to the Skill's description
- •Encoded or obfuscated code
- •Hardcoded credentials or API keys
- •Suspicious file paths or system modifications
- •
External sources are risky:
- •Skills that fetch data from external URLs pose particular risk
- •Fetched content may contain malicious instructions
- •Even trustworthy Skills can be compromised if external dependencies change
- •Look for
curl,wget,fetch, HTTP libraries, or URL patterns in scripts
- •
Tool misuse:
- •Malicious Skills can invoke tools (file operations, bash commands, code execution) in harmful ways
- •Review how tools are being used in the instructions
- •Check if tool usage matches the Skill's stated purpose
- •Look for write operations to sensitive locations
- •Check for execution of arbitrary code or commands
- •
Data exposure:
- •Skills with access to sensitive data could leak information
- •Look for network exfiltration attempts
- •Check for logging or output that might expose sensitive data
- •Review file read patterns for accessing sensitive directories
- •
Trust and provenance:
- •Only use Skills from trusted sources
- •Be especially careful when integrating Skills into production systems
- •Verify the Skill's purpose matches its implementation
Audit Process
When auditing a Skill, follow this systematic process:
Step 1: Initial Assessment
- •Read the SKILL.md file to understand the Skill's stated purpose
- •Review the metadata (name, description, tools)
- •List all files in the Skill directory
- •Identify the types of resources (scripts, docs, configs, etc.)
Step 2: File-by-File Review
For each file in the Skill:
- •Read the file content completely
- •Analyze the file for:
- •Suspicious patterns (network calls, file operations, code execution)
- •Code that doesn't match the Skill's purpose
- •Hardcoded secrets or credentials
- •Obfuscated or encoded content
- •Check file permissions and metadata
Step 3: Pattern Analysis
Search for common security risks:
- •Network operations:
http://,https://,curl,wget,requests.get,fetch - •File operations: suspicious read/write patterns, access to system directories
- •Code execution:
eval,exec,subprocess, shell command execution - •Credentials: API keys, passwords, tokens (even if masked)
- •Data exfiltration: logging sensitive data, output to external systems
Step 4: Instruction Review
- •Review the Skill's instructions (SKILL.md content)
- •Verify that tool usage matches the stated purpose
- •Check for instructions that could lead to:
- •Unauthorized file access
- •Network communication
- •Code execution
- •Data exfiltration
Step 5: Cross-Reference
- •Compare the Skill's description with its actual implementation
- •Verify that all referenced tools are appropriate
- •Check for discrepancies between stated purpose and actual behavior
- •Look for "hidden" functionality not mentioned in the description
Step 6: Risk Assessment
Categorize findings by severity:
- •CRITICAL: Network exfiltration, unauthorized file access, code execution, credential theft
- •HIGH: Suspicious file operations, data logging, unexpected tool usage
- •MEDIUM: Unclear code patterns, missing documentation, unusual dependencies
- •LOW: Code quality issues, minor inconsistencies, style concerns
- •INFO: Best practice suggestions, documentation improvements
Report Format
Create a comprehensive security audit report with:
- •
Executive Summary
- •Skill name and path
- •Overall risk level (Critical/High/Medium/Low/Safe)
- •Key findings summary
- •
File Inventory
- •Complete list of all files in the Skill
- •File sizes and types
- •Purpose of each file
- •
Detailed Findings
- •For each issue found:
- •Severity level
- •File location
- •Issue description
- •Code/pattern example
- •Potential impact
- •Recommendation
- •For each issue found:
- •
Pattern Analysis
- •Network operations found
- •File operations pattern
- •Tool usage analysis
- •Data handling review
- •
Risk Assessment
- •Overall risk rating
- •Key vulnerabilities
- •Attack scenarios
- •Mitigation recommendations
- •
Recommendations
- •Specific remediation steps
- •Best practice suggestions
- •Trust assessment
- •Usage recommendations
Example Audit Checklist
- • SKILL.md reviewed for suspicious instructions
- • All scripts examined for malicious code
- • Network operations identified and verified
- • File operations reviewed for security
- • Tool usage matches stated purpose
- • No hardcoded credentials found
- • No obfuscated code detected
- • External dependencies verified
- • Data handling practices reviewed
- • Risk assessment completed
Important Notes
- •Treat like installing software: Skills can execute code and access files
- •Trust but verify: Even Skills from trusted sources should be audited
- •Production caution: Be extra careful with Skills in production environments
- •Regular audits: Re-audit Skills after updates or external dependency changes
- •Document findings: Keep audit reports for compliance and security tracking
When the user provides a Skill path, systematically audit it following this process and provide a comprehensive security report.