Skillaudit.sh – A minimalist security auditor for LLM skill definitions

by dns·Feb 16, 2026·1 point·0 comments

AI Analysis

●●SolidNiche GemSlick

The Take

It’s refreshingly focused: rules for prompt injection, hidden HTML comment instructions, exfiltration patterns and even HEAD checks against npm/PyPI for hallucinated packages. The site sells the minimalist ethos — small, audit-first tool for the offensive side of LLM security — but from the page it looks primarily pattern-driven, so expect heuristic false positives and limited context-aware analysis unless the engine goes deeper.

Post Description

h3ll0 HN,

I’ve spent the last 15 years in offensive security, and if there's one thing I've learned, it's that every new technology—no matter how advanced—brings its own unique breed of exploitable flaws. LLMs and autonomous agents are no exception. While they feel like "magic," from a security perspective, they are just another attack surface with specific vulnerabilities in how they define and execute "skills."

we built skillaudit.sh because I wanted a minimalist, lightweight tool to audit these new skill definitions without the overhead of heavy frameworks. It focuses on the practical, "offensive" side of LLM security.

What it audits:

- skillaudit-prompt-injection: Detects system prompt overrides and instructions hidden in HTML comments. - skillaudit-data-exfiltration: Monitors for patterns used to leak session secrets to external endpoints. - skillaudit-supply-chain-packages: Identifies hallucinated npm/pip package references (CWE-494). - skillaudit-privilege-escalation: Checks for unauthorized tool execution or access level attempts. - skillaudit-obfuscation: Flags Base64, Hex, or hidden URLs used to bypass filters.

It's still in the early stages, and I'm looking for feedback from this community on the detection patterns.

Security checks: https://skillaudit.sh/checks