Vulnerability Scanning
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute various command-line utilities for security scanning, including npm audit, snyk, and semgrep, through the Bash tool. This activity is the primary intended function of the skill and leverages well-known technology services.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it involves reading and triaging data from external reports (e.g., audit-results.json). An attacker capable of influencing these scan results could potentially embed malicious instructions to influence the agent's logic.
  - Ingestion points: Security tool outputs such as audit-results.json, snyk-results.json, and semgrep-results.json are read and parsed by the agent.
  - Boundary markers: The skill does not provide explicit delimiters or instructions for the agent to ignore instructions embedded within the ingested data.
  - Capability inventory: The agent has access to the Bash tool, which allows for subprocess execution and potentially exploitable system access if the agent is misled by malicious data.
  - Sanitization: There are no defined steps for validating or sanitizing the content of security reports before they are processed by the agent for remediation planning.
Audit Metadata