A collection of portable, agent-agnostic skills for AI coding agents — Claude Code,
OpenAI Codex, OpenCode, Cursor, and any tool that can read AGENTS.md or shell out to a
script. Each skill is self-contained and aims to run with zero install across Windows,
macOS, and Linux.
Audit an untrusted agent or skill — a SKILL.md, AGENTS.md, Cursor .mdc, agent
definition, plus its bundled scripts/references — for 7 information-security risks
before you trust, install, or load it into an agent (prompt injection, code execution,
credential exfiltration, persistence, supply-chain, obfuscation, and outward-facing
actions).
Two-tier engine: a deterministic, install-free pattern scanner (Windows PowerShell 5.1
or macOS/Linux bash) that is injection-proof and CI-gatable via its exit code, plus an
LLM semantic pass for multilingual prompt-injection and attack-chain correlation. It
reports a severity-scored verdict — BLOCK / REVIEW / PASS.
→ See security-auditor/README.md.
MIT.