The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The skill provides a command to install the Trivy security scanner by piping a shell script from a remote URL directly to the shell. This is a common but sensitive installation pattern.
Evidence: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin in SKILL.md.
Context: The script originates from the official repository of Aqua Security, a well-known security vendor.
[EXTERNAL_DOWNLOADS]: Fetches vulnerability data from the National Vulnerability Database (NVD) API and downloads installation scripts for required tools from GitHub.
Evidence: curl -s "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-XXXX-YYYY" and the Trivy installation URL in SKILL.md.
[COMMAND_EXECUTION]: The skill executes multiple shell commands to detect project language types and run various security auditing tools like npm audit, pip-audit, and semgrep.
Evidence: Use of ls, npm audit, pip-audit, govulncheck, cargo-audit, and semgrep throughout SKILL.md.
[PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests data from untrusted sources (project files and tool outputs) and processes it with high-capability tools.
Ingestion points: Project files (package.json, requirements.txt, etc.) and security tool outputs in JSON/text formats.
Boundary markers: None specified; instructions and data are not clearly delimited.
Capability inventory: Shell execution (bash) and network access (curl).
Sanitization: No explicit logic is provided to sanitize or validate external content before interpolation or reporting.

security-scan