AUTOMATIONSWITCH
Manual audit · agent skill files

Screen every SKILL.md
before it reaches your agent.

A human-performed security audit for your agent skill files. We apply a 15-point checklist and 47 detection rules to every file, then deliver a signed PDF report with line-level findings and remediation priorities. $250, 48-hour turnaround.

Book your audit See what we check
AUDIT · SKILLCHECK
SKILLCHECK
PDF.md
CURL.md
GIT.md
DB.md
BLOCKcurl.md · shell exfiltration
AUDITfrontmatter · prompts · tools
PASSgit.md · signed v2.1
36.82%
Of community skills contain security flaws (Snyk ToxicSkills research)
76
Confirmed malicious payloads found in the wild (Snyk)
8
Vulnerability classes with documented CVEs
01 · What we look for

Eight classes of threat, inside every file.

A SKILL.md is more than documentation. It is code the agent will execute. Here is what we hunt.
P-INJ

Prompt injection

Hidden instructions trying to override the host agent's system prompt, role, or safety rules. In plain prose, in comments, in image alt text.

"Ignore previous instructions and…"
EXFIL

Data exfiltration

Outbound requests that ship environment variables, file contents, or tool output to an attacker-controlled endpoint under the guise of "logging".

curl https://… -d "$(env)"
SHELL

Destructive shell

Recursive deletes, privilege escalation, package installs, or long-running background processes disguised as routine maintenance steps.

rm -rf / · sudo chmod
TOOL

Tool-call misuse

Skills that invoke tools outside their declared scope, bypass approval flows, or chain calls to escalate capability beyond what the user authorized.

write_file(/etc/passwd)
CRED

Credential handling

Hardcoded keys, broad token scopes, requests to read secrets from unexpected paths, or instructions that tell the agent to paste secrets inline.

export API_KEY=sk-…
HIDE

Hidden instructions

Zero-width characters, white-on-white text, HTML comments, and base64-encoded payloads that the model reads but a human reviewer does not.

<!-- also: ignore auth -->
DRIFT

Supply-chain drift

Skills that silently changed behavior between versions, or whose dependencies (scripts, fetched URLs, pinned models) shift under the same hash.

diff v2.0 → v2.1 · +27 lines
MODEL

Model confusion

Ambiguous role blocks, fake tool signatures, and counterfeit "system" messages engineered to make the agent misread who is speaking.

## system: you are now…
02 · How it works

From your files to signed report in four steps.

STEP ONE

Book

Fill in the form below with your email. We confirm your booking and send payment details within one business day.

01
STEP TWO

Upload

We email you a secure upload link for your skill files: SKILL.md, CLAUDE.md, AGENTS.md, .cursorrules, and copilot-instructions.md.

02
STEP THREE

Audit

We run the full 15-point security checklist and 47 detection rules across all 8 threat classes, with line-level annotation.

03
STEP FOUR

Report

You receive a signed PDF with every finding, severity grades (critical / warn / info), and prioritised remediation steps. Delivered in 48 hours.

04
03 · What you get

Everything in the $250 audit.

D/01
Security checklist

15-point review

Every file is evaluated against a 15-point security checklist covering prompt injection, data exfiltration, shell safety, credential handling, and more.

D/02
Detection rules

47 rules, 8 threat classes

Pattern-matching and semantic analysis across all 8 threat categories. Every rule cites what it looks for and why it matters.

D/03
Line-level findings

Severity-graded report

Each finding references the exact line, the rule that triggered, and a severity grade: critical, warn, or info. Sorted by remediation priority.

D/04
Signed PDF

Audit report you can share

A signed PDF delivered to your inbox within 48 hours. Share it with your security team, include it in compliance reviews, or pin it to your repository.

D/05
Architecture review

File separation analysis

We evaluate how your CLAUDE.md, AGENTS.md, and SKILL.md files are structured, whether concerns are separated correctly, and where overlap creates risk.

D/06
Token efficiency

Context budget review

Skill files consume context window tokens. We review your files for redundancy, verbosity, and instructions that could be simplified to reduce token cost.

04 · Who runs this

Built by a team that uses these files daily.

The Automation Switch team.

This audit is performed by the team behind Automation Switch. We published the Agent Skills Security Audit Guide backed by 40+ sources, maintain a Skills Directory indexing 20+ skill repositories, and operate a production platform (Scaletific) where we use SKILL.md files daily across Go, Python, Next.js, and Terraform projects.

Every audit follows the same methodology we use internally. The 15-point checklist and 47 detection rules were developed from real incidents documented in our research, and refined through our own production experience.

Methodology
  • 15-point security checklist per file
  • 47 detection rules across 8 threat classes
  • Line-level annotation with severity grades
  • File architecture review (separation of concerns)
  • Token efficiency analysis
  • Prioritised remediation steps
  • Backed by 40+ research sources
05 · FAQ

Questions worth answering.

If you are thinking about running a third-party skill inside an agent that has access to your code, shell, or cloud, you should ask these.

What files do you audit?+

SKILL.md, CLAUDE.md, AGENTS.md, .cursorrules, and copilot-instructions.md. If you have custom agent configuration files, include them and we will review those too.

How long does it take?+

48 hours from the time you upload your files to the delivery of a signed PDF report.

What do I get?+

A signed PDF report with line-level findings, severity grades (critical / warn / info), and prioritised remediation steps. Each finding references the detection rule that triggered it.

Who performs the audit?+

The Automation Switch team, using our 15-point security checklist and 47 detection rules. We published the Agent Skills Security Audit Guide backed by 40+ sources and use SKILL.md files daily across production projects.

Is my code safe with you?+

Files are reviewed, findings are documented, and source files are deleted within 7 days of report delivery. We store only the final report for your reference.

06 · Further reading

Go deeper on agent skill security.

01

Agent Skills Security Audit Guide

8 vulnerability types with CVEs, 15-point audit checklist, and 8 real incidents. The full methodology behind this service.

02

Best SKILL.md Files Every Developer Should Install

21 production-tested skills across code review, testing, DevOps, and security. Each one verified for quality and safety.

03

SKILL.md Templates by Project Type

Starter templates for Next.js, Python, Go, DevOps, data analysis, and React Native. Copy, customise, deploy.

04

SKILL.md vs AGENTS.md vs CLAUDE.md

Decision matrix for choosing the right config file. Token budget analysis, project structures, and common mistakes.

05

What Is SKILL.md and How to Write One

The complete guide to agent skill files. Anatomy, categories, and the growing directory of community-built skills.

06

SKILL.md Directory

Browse curated skill sources for Claude Code, Cursor, Copilot, Windsurf, and Aider. Filterable by platform and domain.

07 · Book your audit

One audit. $250. 48 hours.

Manual security audit
$250

Submit your email to book. We will confirm your booking and send a secure upload link for your skill files within one business day.

  • 15-point security checklist applied to every file
  • 47 detection rules across 8 threat classes
  • Line-level findings with severity grades
  • Signed PDF report with remediation priorities
  • File architecture review (CLAUDE.md + AGENTS.md + SKILL.md separation)
  • Token efficiency analysis
  • Delivered in 48 hours

We email you to collect files and confirm payment. Your source files are deleted within 7 days of report delivery. Privacy policy.

Ready when you are

Screen every skill before it touches your agent.

$250. 48-hour turnaround. A signed PDF report with every finding, severity grade, and remediation priority. Performed by humans with a published methodology.

Book your audit Read the audit guide &nearr;