hardening-linux-endpoint-with-cis-benchmark

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes subprocess.check_output with the shell=True parameter to execute various system audit commands (e.g., modprobe, findmnt, sysctl). This is a security best-practice violation as it can lead to command injection if the command strings are ever constructed using external or untrusted data.
  • [DATA_EXPOSURE]: The audit agent (scripts/agent.py) is designed to read highly sensitive system files, including /etc/shadow, /etc/gshadow, and /etc/ssh/sshd_config. While this access is necessary for a security compliance audit, it necessitates running the script with root privileges, which increases the impact of any potential vulnerability in the script.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect injection via malicious data processing.
    • Ingestion points: scripts/process.py ingests and parses XML files provided via command-line arguments (OpenSCAP result files).
    • Boundary markers: None identified; the script trusts the structure and content of the provided XML file.
    • Capability inventory: scripts/agent.py has the capability to execute system commands via subprocess, and scripts/process.py can write JSON reports to the filesystem.
    • Sanitization: The xml.etree.ElementTree parser in scripts/process.py does not implement explicit protection against XML External Entity (XXE) attacks, which could allow an attacker providing a crafted XML result file to read local files or perform SSRF.
  • [EXTERNAL_DOWNLOADS]: The skill documentation correctly references trusted security resources, including the ComplianceAsCode and Ansible Lockdown repositories on GitHub, for official benchmarks and remediation roles.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 09:38 PM