Overview
- Skill Key: clawdssen/security-hardening
- Author: The Agent Ledger
- Source Repo: openclaw/skills
- Version: 1.0.0
- Source Path: skills/clawdssen/security-hardening
- Latest Commit SHA: a4606173e5377524c715a510230d34c91bc5110f
Security audit and hardening for AI agents — credential hygiene, secret scanning, prompt injection defense, data leakage prevention, and privacy zones.
Stars: 0
Installs: 0
Status: ACTIVE
Visibility: PUBLIC
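Copy the prompt below and send it to your AI assistant to complete the installation.
First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the security-hardening skill. If it is already installed, install the security-hardening skill directly.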
# Security Hardening — by The Agent Ledger

> **Just deliver this skill to your agent.** One paste, and your agent knows how to audit your workspace for leaked secrets, harden configs, and defend against prompt injection — no coding, no security expertise required. Your agent reads the instructions and handles the rest.

A security audit and hardening skill for AI agents. Ensures your workspace doesn't leak secrets, your configs resist prompt injection, and your agent operates with defense-in-depth principles.

**Version:** 1.0.0
**License:** CC-BY-NC-4.0
**More:** [theagentledger.com](https://www.theagentledger.com)

---

## What This Skill Does

When triggered, the agent performs a comprehensive security audit and applies hardening measures:

1. **Credential Scan** — Detect leaked API keys, tokens, passwords in workspace files
2. **Privacy Audit** — Find personal information (names, emails, addresses) that shouldn't be in shared files
3. **Config Hardening** — Add security standing orders to AGENTS.md, SOUL.md, etc.
4. **Prompt Injection Defense** — Review agent instructions for injection vulnerabilities
5. **File Permission Review** — Identify overly permissive file sharing or public exposure
6. **Remediation Report** — Actionable summary with severity ratings

---

## Quick Start

Tell your agent:

> "Run a security audit on my workspace"

Or trigger via heartbeat/cron for periodic checks.

---

## Setup

### Step 1: Understand the Audit Scope

The audit covers all files in your agent's workspace directory. It does NOT:

- Access files outside the workspace
- Make network requests
- Modify files without confirmation
- Send any data externally

### Step 2: Run the Initial Audit

Ask your agent to perform each check below. Review findings before applying fixes.

---

## Audit Checks

### Check 1: Credential Scan

Scan all workspace files for patterns matching:

| Pattern | Examples |
|---------|----------|
| API keys | `sk-...`, `AKIA...`, `ghp_...`, `xoxb-...` |
|...
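An added example (not part of the skill or of the original page) of the Check 1 credential scan: a read-only Python walk of a workspace that reports redacted matches for the four prefixes in the pattern table. The token lengths and character classes, the function names, and the sample workspace are assumptions of this example.

```python
import os
import re
import tempfile

# Prefixes are from the skill's pattern table; the lengths and character
# classes after each prefix are assumptions of this example.
PATTERNS = {
    "sk-": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "AKIA": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "ghp_": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "xoxb-": re.compile(r"\bxoxb-[0-9A-Za-z-]{20,}"),
}

def redact(secret):
    """Keep only the prefix and length so the report never repeats the secret."""
    return f"{secret[:4]}**** ({len(secret)} chars)"

def scan_workspace(root, max_bytes=1_000_000):
    """Read-only scan: no writes, no network, nothing outside `root`."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow dir symlinks
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip file symlinks (they may point outside the workspace) and huge files.
            if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                continue
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                for lineno, line in enumerate(fh, 1):
                    for kind, rx in PATTERNS.items():
                        for m in rx.finditer(line):
                            rel = os.path.relpath(path, root)
                            findings.append((rel, lineno, kind, redact(m.group())))
    return sorted(findings)

def demo():
    """Scan a constructed workspace holding fake tokens and one near-miss."""
    with tempfile.TemporaryDirectory() as ws:
        with open(os.path.join(ws, "AGENTS.md"), "w") as fh:
            fh.write("# notes\nkey = " + "AKIA" + "A" * 16 + "\n")
        with open(os.path.join(ws, "todo.txt"), "w") as fh:
            # "risk-..." contains "sk-" but must not be reported (no word boundary).
            fh.write("finish risk-assessment-for-the-quarterly-review\n")
            fh.write("token: " + "ghp_" + "a" * 36 + "\n")
        return scan_workspace(ws)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Findings carry only the first four characters and the length of each match, so the report can be stored or shared without becoming a second copy of the leaked secret.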