audit-skills
Expert security auditor for AI Skills and Bundles. Performs non-intrusive static analysis to identify malicious patterns, data leaks, system stability risks, and obfuscated payloads across Windows, macOS, Linux/Unix, and Mobile (Android/iOS).
46
33%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Critical
Do not install without reviewing
Optimize this skill with Tessl
npx tessl skill review --optimize ./skills/audit-skills/SKILL.mdSecurity
1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
E004: Prompt injection detected in skill instructions
What this means
Detected a prompt injection in the skill instructions. The skill contains hidden or deceptive instructions that fall outside its stated purpose and attempt to override the agent’s safety guidelines or intended behavior.
Why it was flagged
Potential prompt injection detected (high risk: 1.00). The skill includes a hidden HTML comment "security-allowlist: curl-pipe-bash" which covertly whitelists a dangerous pattern and contradicts its stated non-intrusive, detection-only auditing purpose, so it contains a deceptive instruction outside the skill's scope.
- Repository
- sickn33/antigravity-awesome-skills
- Commit
7241463
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.