The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill clones the official DefectDojo repository from GitHub and references well-known security tools like Semgrep and Nessus. These sources are considered trusted and reputable within the cybersecurity domain.
[COMMAND_EXECUTION]: Includes instructions for standard deployment operations using Git and Docker Compose. These commands are necessary for the installation and operation of the DefectDojo platform.
[DATA_EXFILTRATION]: Python scripts are provided to read local security scan reports and upload them to a DefectDojo instance. This behavior is the intended core function of the skill and the target endpoint is configurable by the user (defaulting to localhost).
[PROMPT_INJECTION]: A potential surface for indirect prompt injection exists because the skill processes untrusted scan data from external tools. However, the scripts focus on data ingestion and metrics rather than autonomous decision-making based on report content.
Ingestion points: import_scan function in scripts/agent.py and scripts/process.py
Boundary markers: None present for the content of the uploaded files
Capability inventory: Local file reading and network communication via the requests library
Sanitization: Not performed on the file content before upload
[SAFE]: No malicious patterns such as obfuscation, hardcoded credentials, or persistence mechanisms were found. The skill follows security best practices by using environment variables for sensitive configuration.

building-vulnerability-dashboard-with-defectdojo