✓ Dependency Scan: OSV + CISA KEV + EPSS — known vulnerabilities in declared deps
✓ Static Analysis: Semgrep community rules — shell injection, path traversal, system writes
✓ Secret Scan: Gitleaks + credential heuristics — leaked keys, tokens, passwords
✓ YARA Scan: Neo23x0 signature-base — malware, packers, suspicious binaries
✓ IOC Match: URLhaus + ThreatFox + Feodo + MalwareBazaar — malicious URLs, IPs, hashes
✓ Behavioral: Shell injection, eval, fetch-exec, large base64, capability overreach
✓ Prompt Injection: Instruction overrides, role manipulation, safety bypasses in SKILL.md