fortify-fod
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH; PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection. It ingests data from the external Fortify on Demand API (application names, release names, and vulnerability details) and has powerful capabilities.
  1. Ingestion points: Data enters the agent context via fcli_fod_app_list, fcli_fod_release_list, and fcli_fod_issue_list (specifically when using --embed details,recommendations).
  2. Boundary markers: No delimiters or "ignore embedded instructions" warnings are used when processing this data.
  3. Capability inventory: The agent can package local files (fcli_fod_action_package) and upload files/initiate scans (fcli_fod_sast_scan_start, fcli_fod_dast_scan_upload_file).
  4. Sanitization: There is no validation or filtering of the external content before it is used to inform agent actions.
- [DATA_EXFILTRATION] (MEDIUM): The presence of the fcli_fod_action_package command allows for the creation of zip archives of local files. In combination with the upload capabilities of the other fcli tools, this creates a path for data exfiltration if the agent is successfully manipulated by injected instructions.
- [COMMAND_EXECUTION] (LOW): The skill relies on executing system commands via the fcli tool. While these are legitimate tools for the skill's purpose, they represent a significant capability that could be abused (e.g., modifying glob patterns to include sensitive directories) if the agent's logic is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata