implementing-api-security-posture-management

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE (findings flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data from traffic logs and OpenAPI specifications, creating a surface for indirect prompt injection where malicious content in logs could influence agent behavior.
  • Ingestion points: The discover_apis_from_traffic and check_api_security_controls functions in scripts/agent.py ingest data from user-provided files.
  • Boundary markers: No delimiters or boundary markers separate untrusted data from processing logic.
  • Capability inventory: The script can read local files and write analysis reports to the filesystem.
  • Sanitization: Log data is parsed but not sanitized for malicious instruction patterns.
  • [EXTERNAL_DOWNLOADS]: The file references/api-reference.md includes documentation examples that reference external APIs and CLI tools from 42Crunch and Salt Security. These are well-known security platforms and the references are provided for educational purposes.
  • [SAFE]: The core functionality of the skill involves local analysis of API patterns and risk scoring, which is performed without the use of dynamic execution or unauthorized network communication.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:52 PM