cve-validation

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows security best practices by implementing strict input validation and least-privilege tool access.
  • [COMMAND_EXECUTION]: Orchestrates the get_cve MCP tool from the lightspeed-mcp server. It implements a critical safety check in Step 1, using a regular expression (^CVE-\d{4}-\d{4,7}$) to validate the format of CVE identifiers before they are passed to the backend tool, effectively preventing command injection or malformed input attacks.
  • [CREDENTIALS_UNSAFE]: Uses environment variables (LIGHTSPEED_CLIENT_ID, LIGHTSPEED_CLIENT_SECRET) for service authentication. This is the recommended practice for secure credential management in AI agent skills, avoiding hardcoded secrets within the instruction set.
  • [INDIRECT_PROMPT_INJECTION]: While the skill processes external data from the Red Hat Lightspeed API, the risk of indirect injection is minimized. The skill enforces a strict data schema, utilizes read-only tools for metadata retrieval, and provides the agent with explicit instructions (via references like 01-remediation-indicators.md) on how to interpret specific data fields, reducing the likelihood of the agent being misled by untrusted content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 09:08 PM