Rules Reference

skill-issue includes 50+ built-in security rules organized into 8 categories. Each rule has a unique ID, default severity, and regex-based detection pattern.

Secrets Detection (SL-SEC-*)

Detects hardcoded credentials, API keys, tokens, and other secrets.

Rule ID	Name	Severity	Detects
SL-SEC-001	API Key Pattern	Error	Generic API keys (16+ characters)
SL-SEC-002	AWS Access Key	Error	AKIA/ASIA prefix keys
SL-SEC-003	Private Key Block	Error	RSA, EC, DSA, OpenSSH private keys
SL-SEC-004	Password Assignment	Error	Hardcoded passwords with quotes
SL-SEC-005	Bearer Token	Error	Bearer tokens (20+ chars)
SL-SEC-006	GitHub Token	Error	ghp_, gho_, ghu_, ghs_, ghr_ tokens
SL-SEC-007	Generic Secret Assignment	Warning	secret, token, credential assignments
SL-SEC-008	Connection String	Error	DB connection strings with credentials

Hidden Content Detection (SL-HID-*)

Detects obfuscated, encoded, or hidden content that may conceal malicious payloads.

Rule ID	Name	Severity	Pattern
SL-HID-001	Suspicious Unicode Characters	Error	Zero-width, bidirectional, variation selectors
SL-HID-002	HTML Comment Hiding	Warning	HTML comments with suspicious keywords
SL-HID-003	Base64 Encoded Content	Warning	40+ characters of base64
SL-HID-004	Hex Encoded Content	Warning	8+ hex byte sequences
SL-HID-005	URL Encoded Content	Warning	8+ URL encoded sequences
SL-HID-006	Invisible Unicode in Code Block	Error	Code blocks with invisible characters
SL-HID-007	Data URI Embedding	Warning	data: URIs with base64 content
SL-HID-008	Steganographic Reference	Info	Steganography-related keywords
SL-HID-009	Obfuscated Variable Names	Warning	_0x and \xNN naming patterns

Network Activity (SL-NET-*)

Detects network requests, socket connections, and data exfiltration patterns.

Rule ID	Name	Severity	Detects
SL-NET-001	URL in Skill Content	Info	HTTP(S) URLs
SL-NET-002	Curl Command	Warning	curl with HTTP URLs
SL-NET-003	Wget Command	Warning	wget with HTTP URLs
SL-NET-004	Fetch API Call	Warning	JavaScript fetch() calls
SL-NET-005	XMLHttpRequest	Warning	XHR usage
SL-NET-006	Socket Connection	Error	WebSocket, net.connect, socket.connect
SL-NET-007	DNS Lookup	Warning	DNS resolution calls
SL-NET-008	IP Address Literal	Info	Hardcoded IP addresses
SL-NET-009	Python Requests Library	Warning	requests.get/post/put/delete
SL-NET-010	Data Exfiltration Pattern	Error	Network calls with secret/password/token

File System Access (SL-FS-*)

Detects sensitive file operations, path traversal, and dangerous file system access.

Rule ID	Name	Severity	Detects
SL-FS-001	Sensitive File Access	Error	/etc/passwd, .ssh/, .env, .aws/credentials
SL-FS-002	Home Directory Traversal	Warning	~/, $HOME, %USERPROFILE%
SL-FS-003	Path Traversal	Error	Multiple ../../ sequences
SL-FS-004	Temporary File Operations	Info	/tmp, tempfile, mktemp
SL-FS-005	File Write Operations	Warning	writeFile, open('w'), fs.write
SL-FS-006	File Deletion	Warning	rm -rf, os.remove, fs.unlink
SL-FS-007	File Permission Change	Warning	chmod, os.chmod
SL-FS-008	Symlink Creation	Warning	ln -s, os.symlink
SL-FS-009	Glob/Wildcard Operations	Info	glob(), find / -name

Code Execution (SL-EXEC-*)

Detects shell commands, eval/exec calls, and dynamic code loading.

Rule ID	Name	Severity	Detects
SL-EXEC-001	Shell Command Execution	Error	subprocess, child_process, os.system
SL-EXEC-002	Eval Usage	Error	eval() calls
SL-EXEC-003	Exec Usage	Error	exec() calls
SL-EXEC-004	Function Constructor	Error	new Function() in JavaScript
SL-EXEC-005	Sensitive Module Import	Info	Imports of child_process, fs, net, http
SL-EXEC-006	Cron/Scheduled Tasks	Warning	crontab, schedule, setInterval
SL-EXEC-007	Package Installation	Warning	npm/pip/gem install commands
SL-EXEC-008	Bash/Shell Script Inline	Warning	bash -c, sh -c
SL-EXEC-009	Python Code Compilation	Warning	compile() with 'exec', __import__()
SL-EXEC-010	Process Manipulation	Error	os.kill, process.kill, process.exit

Injection Attacks (SL-INJ-*)

Detects prompt injection, SQL injection, command injection, and other attack vectors.

Rule ID	Name	Severity	Targets
SL-INJ-001	Prompt Injection Pattern	Error	"ignore previous instructions"
SL-INJ-002	System Prompt Override	Error	system:, <|system|>, <<SYS>>
SL-INJ-003	Role Manipulation	Error	"act as if you are", "pretend you are"
SL-INJ-004	Instruction Boundary Bypass	Error	"end of instructions"
SL-INJ-005	SQL Injection Pattern	Warning	SELECT/INSERT/UPDATE/DELETE patterns
SL-INJ-006	Command Injection Metacharacters	Warning	; cat, backticks, $()
SL-INJ-007	Template Injection	Warning	{{config}}, {{self}}
SL-INJ-008	XSS Pattern	Warning	<script>, javascript:, on* handlers
SL-INJ-009	Jailbreak Keywords	Warning	"DAN mode", "jailbreak", "bypass safety"

Social Engineering (SL-SOC-*)

Detects manipulation techniques, urgency language, and trust exploitation.

Rule ID	Name	Severity	Patterns
SL-SOC-001	Urgency/Authority Language	Warning	"CRITICAL", "URGENT", "emergency override"
SL-SOC-002	Confidentiality Claim	Warning	"do not share", "keep secret"
SL-SOC-003	Trust Manipulation	Warning	"trust me", "authorized by Anthropic"
SL-SOC-004	Output Suppression	Warning	"do not output", "suppress output"
SL-SOC-005	Persona/Identity Override	Warning	"you are now", "your new name is"
SL-SOC-006	Emotional Manipulation	Info	"lives depend on", "will die/suffer"
SL-SOC-007	Reward/Punishment Framing	Info	"you will be rewarded/punished"

Metadata Issues (SL-META-*)

Validates skill metadata, descriptions, and permissions.

Rule ID	Name	Severity	Checks
SL-META-001	Metadata Validation	Warning	Name/description field validation
SL-META-002	Missing Skill Description	Warning	Missing description in frontmatter
SL-META-003	Excessive Permissions Claim	Warning	permissions: all, full, admin, root
SL-META-004	Version Mismatch Indicator	Info	Suspicious versions: 0.0.0, 999, dev
SL-META-005	Suspicious Author Field	Info	Authors: admin, root, system, test
SL-META-006	Description/Content Mismatch	Warning	Benign description but suspicious code