skillaudit.sh

Agentic Developers

Secure your AI rules and skills before they influence your AI assistant.

AI-native IDEs—Cursor, Windsurf, Claude CLI, Zed, and similar tools—use skill files (SKILL.md, .cursorrules, .windsurfrules, AGENTS.md) to customize how the AI behaves in your projects. These files are powerful: they inject context, define workflows, and shape every response. They are also a vector for attack.

If a skill file contains prompt injection, data exfiltration, or privilege escalation patterns, your AI session could leak code, override safety constraints, or suggest dangerous commands. Malicious rules might come from copied templates, forked repos, or compromised dependencies.

skillaudit scans your GitHub repositories for all supported skill files. Paste a repo URL to get an instant report. We flag prompt injection attempts, outbound data transfers, sudo use and sensitive path access, hallucinated packages, and obfuscated content. Fix findings before they affect your workflow.