writing-agent-instructions
Guides users on writing effective agent instructions for agent-native apps, enhancing clarity and usability.
Install this skill
or
45/100
Security score
The writing-agent-instructions skill was audited on Jun 11, 2026 and we found 7 security issues across 2 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 224
Template literal with variable interpolation in command context
SourceSKILL.md
| 224 | but values must be placeholders (`<OPENAI_API_KEY>`, `${keys.SLACK_WEBHOOK}`) or |
high line 228
Template literal with variable interpolation in command context
SourceSKILL.md
| 228 | OAuth, and `${keys.NAME}` substitution for extension/automation outbound HTTP. |
medium line 93
Webhook reference - potential data exfiltration
SourceSKILL.md
| 93 | streaming, webhooks, OAuth callbacks, public SEO/OG endpoints, or binary |
medium line 217
Webhook reference - potential data exfiltration
SourceSKILL.md
| 217 | skill, action, webhook, integration, or extension touches external services. |
medium line 219
Webhook reference - potential data exfiltration
SourceSKILL.md
| 219 | tokens, webhook URLs, signing secrets, OAuth refresh tokens, private |
medium line 223
Webhook reference - potential data exfiltration
SourceSKILL.md
| 223 | Examples may name credential keys such as `OPENAI_API_KEY` or `SLACK_WEBHOOK`, |
medium line 224
Webhook reference - potential data exfiltration
SourceSKILL.md
| 224 | but values must be placeholders (`<OPENAI_API_KEY>`, `${keys.SLACK_WEBHOOK}`) or |
Scanned on Jun 11, 2026
View Security DashboardGitHub Stars 484
Rate this skill
Categoryproduct
UpdatedJune 15, 2026
claudeclaude-codefrontendreactdocxapidatabasetestingdevopsproduct-managertechnical-pmux-writergrowth-pmproject-managerproductdesignproject management
BuilderIO/agent-native