skillaudit.sh – Security audit for AI skill files in GitHub

Summary: skillaudit.sh scans AI skill files in public GitHub repositories to detect security risks such as prompt injection, data exfiltration, and privilege escalation. It provides a severity breakdown, verdict, and actionable findings without requiring login.

What it does

It analyzes SKILL.md, cursorrules, and AGENTS.md files by URL input, delivering a report with risk severity and a Clean-to-Dangerous verdict. Optional LLM verification helps reduce false positives.

Who it's for

Developers and teams reviewing AI configuration files before deployment.

Why it matters

It addresses the lack of tooling to audit AI skill files, which can be exploited to exfiltrate code or override safety constraints.