David Drummond
Agent Skills/skill-issue

skill-issue

Scan skill directories for security vulnerabilities including prompt injection, credential leaks, hidden content, and social engineering patterns. Use when reviewing, auditing, or validating SKILL.md files before installation or deployment.

License: MITv0.1@daviddrummond95

Requires the skill-issue binary (Rust). Download from https://skill-issue.sh

skill-issue

A static security scanner for AI skill definitions. Detects prompt injection, credential leaks, hidden content, and social engineering patterns in SKILL.md files.

When to Use

  • Auditing new skills before installing them in your agent environment
  • CI pipeline checks to gate skill definitions in pull requests
  • Pre-commit hooks to catch issues before they enter your repository
  • Security reviews of third-party skill marketplaces or registries

Installation

Download the latest binary from skill-issue.sh:

curl -fsSL https://skill-issue.sh/install | sh

Or build from source:

cargo install skill-issue

Usage

Scan a single skill directory:

skill-issue scan ./my-skill/

Scan all skills in a directory:

skill-issue scan ./skills/ --recursive

Output as JSON for CI integration:

skill-issue scan ./skills/ --format json

What It Checks

The scanner runs 50+ rules across 8 categories:

Category Examples
Prompt Injection System prompt overrides, role manipulation, instruction hijacking
Secrets & Credentials API keys, tokens, hardcoded passwords, environment variable exfiltration
Hidden Content Zero-width characters, base64-encoded payloads, comment-hidden instructions
Network Exfiltration Unauthorized URL fetches, data encoding in query params, DNS exfil patterns
Code Execution Eval injection, shell command construction, dynamic code generation
Social Engineering Urgency manipulation, authority impersonation, trust exploitation
File System Access Path traversal, sensitive file reads, write to startup files
Configuration Issues Overly broad permissions, missing version pins, unsafe defaults

Example Output

$ skill-issue scan ./untrusted-skill/

  SKILL.md — 3 findings

  HIGH   prompt-injection/system-override    Line 14
         Attempts to override system prompt with "Ignore previous instructions"

  MEDIUM secrets/env-exfil                   Line 28
         References $ANTHROPIC_API_KEY without declared dependency

  LOW    config/broad-permissions            Line 3
         Requests unrestricted file system access

  Summary: 1 high, 1 medium, 1 low

Interpreting Findings

  • HIGH: Likely malicious or dangerous. Do not install without remediation.
  • MEDIUM: Potentially risky. Review carefully and understand the intent.
  • LOW: Informational. May be intentional but worth noting.

False positives can be suppressed with inline comments:

<!-- skill-issue-ignore: secrets/env-exfil -->

Or globally in a .skillissuerc config file:

ignore:
  - config/broad-permissions
Back to Agent Skills