Code Security Audit

Pass. Audited by ClawScan on Feb 24, 2026.

Overview

The skill implements a local repository security scanner that matches its description; its instructions and files are consistent with an on-repo audit toolkit. The only mismatch worth noting is in the metadata: the registry entry does not list the command-line tools the audit script depends on.

This is a coherent, on-repo security audit toolkit. Before running it:

1. Review the scripts (scripts/security-audit.sh) and the CI templates to confirm they do what you expect.
2. Run scans in an isolated environment or a local container so that findings, especially secrets, do not leak into public CI logs or third-party storage.
3. Make sure the tools the script needs (grep, find, npm, pip, openssl, curl, git) are installed; the registry metadata omits these dependencies, but the script will fail without them.
4. If you use the GitHub/GitLab templates, remember that audit artifacts and step summaries can contain sensitive findings; restrict who can download the artifacts and sanitize the output before it is uploaded if needed.
5. Run a quick scan first and inspect its output before generating reports that will be shared.

Overall the skill appears to do what it claims and is benign, but treat any secrets it discovers as sensitive: if they have been exposed, rotate them and move them out of the repository.
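The following preflight script is an added example and is not part of the skill, its scripts/security-audit.sh, or ClawScan's output. It covers two of the steps above: checking that the tools the audit script needs are on PATH (the tool list is the one from this report), and redacting secret-looking values from a findings report before it is stored as a CI artifact. The helper names (missing_tools, redact_report, redact_sample) and the sample report format are assumptions made for this example; the real script's output format may differ, so adjust the patterns to match it.

```shell
#!/bin/sh
# Added example, not the skill's own code. Preflight for a local audit run:
#   1. confirm the tools the audit script needs are installed;
#   2. redact secret-looking values from a findings report before it is shared.

# Tool list taken from the audit report; the registry metadata omits it.
REQUIRED_TOOLS="grep find npm pip openssl curl git"

# Print the tools (space-separated list in $1) that are not on PATH, one line.
# Returns 0 when every tool is present, 1 otherwise.
missing_tools() {
  _missing=""
  for _t in $1; do
    command -v "$_t" >/dev/null 2>&1 || _missing="$_missing $_t"
  done
  printf '%s\n' "${_missing# }"
  [ -z "$_missing" ]
}

# Read a report on stdin; replace the value that follows password/secret/token/
# api_key (case-insensitive, "=" or ":" separator, optionally quoted) with
# [REDACTED]. The key names and layout are assumptions for this example.
redact_report() {
  awk '
  {
    line = $0; out = ""
    # Match on a lowercased copy so the case of the key does not matter;
    # tolower() keeps the length, so offsets apply to the original line.
    while (match(tolower(line), /(password|secret|token|api[_-]?key)[ \t]*[=:][ \t]*/)) {
      head = substr(line, 1, RSTART + RLENGTH - 1)   # key and separator, original case
      rest = substr(line, RSTART + RLENGTH)          # value and whatever follows
      if (match(rest, /^"?[^ \t"]+"?/))
        rest = "[REDACTED]" substr(rest, RLENGTH + 1)
      out = out head
      line = rest
    }
    print out line
  }'
}

# Constructed sample findings (not real output of scripts/security-audit.sh).
SAMPLE_REPORT='config/settings.py:12: DB_PASSWORD = "hunter2"
.env:3: API_KEY=sk_live_0123456789abcdef
src/client.js:40: fetch(url, { headers: { token: "abc.def.ghi" } })
README.md:7: no credentials here'

# Redact the constructed sample so the result can be checked.
redact_sample() { printf '%s\n' "$SAMPLE_REPORT" | redact_report; }

if missing=$(missing_tools "$REQUIRED_TOOLS"); then
  echo "preflight: all required tools present"
else
  echo "preflight: missing tools: $missing (install them before running scripts/security-audit.sh)"
fi
echo "--- redacted sample report ---"
redact_sample
```

In a pipeline, pipe the real report through redact_report before the artifact-upload step, and keep the unredacted copy only on the runner or in storage with restricted access. For the isolation step, one option is to run the audit script inside a container started with no network (for Docker, `--network none`) and the repository mounted read-only, so that nothing the scan finds can leave the machine during the run.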