implementing-cloud-vulnerability-posture-management

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py programmatically execute security scanners via the subprocess module. These calls use argument lists rather than shell strings, effectively mitigating command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill documents and utilizes reputable third-party dependencies, including boto3, azure-identity, prowler, and scoutsuite. These tools are industry standards for cloud auditing and are obtained from official registries.
  • [SAFE]: No evidence of malicious behavior such as data exfiltration, credential theft, or unauthorized persistence was found. The skill operates within its stated domain of cloud vulnerability management.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by parsing output from external tools. Ingestion point: scripts/process.py parsing logic. Boundary markers: None. Capability inventory: Subprocess execution and report generation. Sanitization: Uses standard JSON parsing without additional content filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 12:00 AM