Skill File
Configuration files that define behavior for AI coding assistants like Cursor and Windsurf.
Skill files are configuration documents that instruct AI coding assistants how to behave. The main formats include SKILL.md (Cursor skills and agent instructions), .cursorrules (Cursor project rules), .windsurfrules (Windsurf rules), and AGENTS.md (agent definitions). These files are often committed to repositories and shared across teams.
Because skill files directly influence model behavior, they are high-value targets for attackers. A malicious contributor could add a skill file that exfiltrates code, overrides safety instructions, or suggests dangerous commands. Organizations need to audit these files before they influence developer workflows.
skillaudit scans all supported skill file formats in a GitHub repository. We run security rules for prompt injection, data exfiltration, privilege escalation, supply-chain risks, and obfuscation. Paste a repo URL to get an instant report with findings, severity, and remediation guidance.