I’ve spent the last 15 years in offensive security, and if there's one thing I've learned, it's that every new technology—no matter how advanced—brings its own unique breed of exploitable flaws. LLMs and autonomous agents are no exception. While they feel like "magic," from a security perspective, they are just another attack surface with specific vulnerabilities in how they define and execute "skills."
we built skillaudit.sh because I wanted a minimalist, lightweight tool to audit these new skill definitions without the overhead of heavy frameworks. It focuses on the practical, "offensive" side of LLM security.
What it audits:
- skillaudit-prompt-injection: Detects system prompt overrides and instructions hidden in HTML comments.
- skillaudit-data-exfiltration: Monitors for patterns used to leak session secrets to external endpoints.
- skillaudit-supply-chain-packages: Identifies hallucinated npm/pip package references (CWE-494).
- skillaudit-privilege-escalation: Checks for unauthorized tool execution or access level attempts.
- skillaudit-obfuscation: Flags Base64, Hex, or hidden URLs used to bypass filters.
It's still in the early stages, and I'm looking for feedback from this community on the detection patterns.
Security checks: https://skillaudit.sh/checks