doc-scanner

Scans for project documentation files (AGENTS.md, CLAUDE.md, GEMINI.md, COPILOT.md, CURSOR.md, WARP.md, and 15+ other formats) and synthesizes guidance. Auto-activates when user asks to review, understand, or explore a codebase, when starting work in a new project, when asking about conventions or agents, or when documentation context would help. Can consolidate multiple platform docs into unified AGENTS.md.

2.00x

Quality

92%

Does it follow best practices?

Impact

98%

2.00x

Average score across 3 eval scenarios

Securityby

Risky

Do not use without reviewing

1 high severity finding. You should review these findings carefully before considering using this skill.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read complete documentation files and consolidate/generate AGENTS.md (and "Quick Commands"), which can cause the LLM to capture and reproduce any API keys, tokens, or passwords contained in those files verbatim; there is no requirement to redact or avoid outputting secrets.

Report incorrect finding

Repository: NeverSight/skills_feed
Commit: 5342bca

Audited: 13 days ago
Security analysis

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.