Code Security
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is internally consistent: it is an instruction-only code-review helper that requests no installs, credentials, or unusual access, and its runtime instructions match the stated purpose.
This skill appears to do what it says: review the workspace for security issues and suggest fixes. Before running it, consider:
(1) the skill will read files in your current workspace — remove or temporarily redact any secrets, credentials, or sensitive files you don't want inspected or leaked in output;
(2) scope the review (specific files or directories) rather than scanning an entire repository if it contains private keys or production credentials;
(3) run the review on a local copy or sanitized snapshot if you are concerned;
(4) the skill's source/homepage is unknown — if provenance matters to you, prefer tools from known authors or with visible source code;
(5) if you are uncomfortable with autonomous invocation, you can disable model-invocation for skills or require explicit user invocation.
These are operational precautions rather than technical blockers.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
No visible risk-analysis findings were reported for this release.
