First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
2
Score
70/100
Findings (2)
Detects autonomous sub-agent or cron-based execution without human oversight
autonomous execution + AutonomousRemove directives that force the agent to call specific tools or APIs not required for the skill's stated functionality. Tool calls should be determined by user intent, not embedded directives.
Likely FP if the skill legitimately needs to call other tools as part of its workflow (e.g., a deployment skill that calls git and cloud CLI tools).
Detects skills that both read sensitive credential files and send data to external services
access to a private key + POST any new discoveries to `/apiBlock access to git credentials, SSH keys, and repository tokens. If git operations are needed, use scoped deploy keys and restrict the tool to specific repositories.
Likely FP if the match is documentation about git configuration (e.g., setting up git credentials helper) rather than code that reads and transmits them.