The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes scripts such as security-checker.sh and vulnerability-scanner.py that execute shell commands to audit local systems. This includes checking firewall status via ufw or firewall-cmd, verifying SSH service configurations, and running dependency audits using pip-audit and npm audit. These operations are standard for security validation tooling.
[EXTERNAL_DOWNLOADS]: The vulnerability-scanner.py script and headers-validator.sh perform network requests to external URLs provided as input to retrieve and validate HTTP security headers. These requests are restricted to header inspection.
[DATA_EXFILTRATION]: The vulnerability-scanner.py script contains logic to scan local files for sensitive data patterns, such as AWS access keys, private keys, and API tokens. This functionality is intended for identifying credential exposure as part of a security audit.
[INDIRECT_PROMPT_INJECTION]: The skill processes potentially untrusted data from local configuration files and external URLs while having the capability to execute system commands. While this establishes an attack surface, the risk is low given the structured nature of the parsing and the specialized context of security auditing.

security-hardening