The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes the conviso CLI tool to perform platform-specific operations, such as listing and updating assets. As this tool is provided by the skill's vendor (convisolabs), it is considered a legitimate resource for the skill's functionality.
[COMMAND_EXECUTION]: Local shell scripts and embedded Python snippets are used to orchestrate data collection and processing. These scripts are statically defined within the skill and are used for routine administrative tasks.
[PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection because it processes external data from the Conviso platform and local CSV policy files.
Ingestion points: Data enters the skill via out/assets.json (fetched from the Conviso API) and assets/risk_policy.csv.
Boundary markers: No specific boundary markers are used to separate data from the execution logic in the shell environment.
Capability inventory: The skill possesses the capability to modify platform data via the conviso assets update command.
Sanitization: The skill mitigates risks through a dedicated validation script (30_validate_risk_plan.sh) that enforces strict formatting and value whitelists on all fields before they are passed to the update command.

conviso-asset-risk-parametrizer