Security Hygiene

What it does

Provides a set of security hygiene rules and checks tailored for self-modifying agent systems and community-contributed skills. It documents threat vectors (path traversal, unsafe YAML, data poisoning), concrete checks to implement, and staging/quarantine principles to prevent accidental execution or leaking of sensitive patterns.

When to use it

Activate this skill when creating, editing, or deleting skill files or agent definitions; when processing YAML/JSONL configuration or community-contributed skill content; or when performing file-path operations that may include user input. It's also relevant during installs/updates of agent frameworks and when reviewing new community submissions.

What's included

• Scripts: none bundled (has_scripts: false).
• References: guidance is embedded in the SKILL.md content (has_references: false).
• Instructions: concrete checks and rules for sanitizing filenames, using safe YAML parsing, validating JSONL entries, enforcing confirmation for destructive operations, and keeping sensitive patterns out of shared repos.

Compatible agents

Applies broadly to agents that manage or modify skills and project files (Claude Code, GSD-style orchestrators, CI bots, and developer automation agents).