scanning-container-security

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Finding tags: COMMAND_EXECUTION
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were identified in the skill's code or configuration files.
  • [COMMAND_EXECUTION]: The skill explicitly requests permissions for the Bash(docker:*) and Bash(kubectl:*) tools in its metadata. These tools grant the agent significant control over container environments and Kubernetes clusters, which is appropriate and necessary for performing the security audits and compliance scans described in the skill's purpose.
  • [INDIRECT_PROMPT_INJECTION]: The skill implements a file ingestion surface in scripts/snyk_scan.sh and scripts/trivy_scan.sh that reads and parses external files. This creates a potential surface for indirect prompt injection if the agent processes malicious instructions embedded in scan results or configuration files. However, the current implementation only performs basic JSON validation and does not exhibit unsafe interpolation.
  • Ingestion points: The scripts read files from user-specified paths or the local filesystem using Path.rglob and json.load.
  • Boundary markers: No specific boundary markers or 'ignore' instructions are present to delimit external data from agent instructions.
  • Capability inventory: The skill has access to powerful shell tools (docker, kubectl) which could be exploited if an injection occurred.
  • Sanitization: No sanitization or content filtering is implemented for the data read from files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 08:30 PM