Security Report

• Manifest validation — required fields, semver version, contents block structure
• File structure — node types match directories, no duplicate IDs, frontmatter complete
• Connection integrity — all referenced nodes exist, no dangling edges
• External URL scan — checked for undeclared network access
• Credential patterns — scanned for hardcoded API keys, tokens, and secrets
• Shell and filesystem access — checked for undeclared command execution or file access
• Personal data indicators — scanned for PII handling patterns
• Prompt quality — skills have prompts, inputs declared, step references valid

All declared requirements match what was detected. No undeclared capabilities found.