checking-infrastructure-compliance

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration requests unrestricted access to the system shell via the Bash tool with a wildcard permission (Bash(cmd:*)). This capability is intended for running external compliance CLI tools such as tfsec, kube-bench, and checkov.
  • [REMOTE_CODE_EXECUTION]: The asset file assets/compliance_rules.json contains raw Python code snippets within the 'check' definitions. This structure implies the skill is designed to dynamically execute code stored in JSON data files, which presents a risk of arbitrary code execution if the configuration is tampered with. Additionally, scripts/compliance_scan.sh contains Python source code despite having a .sh file extension.
  • [DATA_EXFILTRATION]: The skill is designed to read and analyze highly sensitive infrastructure assets, including cloud IAM policies, Terraform configuration files, and Kubernetes manifests. The combination of high-privilege tool access and access to sensitive configuration data creates a significant exposure surface for data leakage.
  • [EXTERNAL_DOWNLOADS]: The skill documentation encourages the installation and use of several third-party security tools, including Checkov, tfsec, and Open Policy Agent. These resources are sourced from well-known technology organizations and official project repositories, such as those maintained by Aqua Security and the Cloud Native Computing Foundation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 06:30 AM