The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py use the subprocess.run method to execute the cloud security scanning tools prowler and scout. These executions are core to the skill's primary function of infrastructure auditing and follow safe practices by passing arguments as lists.
[EXTERNAL_DOWNLOADS]: The skill instructs the user to install established security tools such as Prowler and ScoutSuite via the Python package manager (pip). These are standard industry tools for cloud security assessments.
[PROMPT_INJECTION]: The skill processes findings from external scan reports which represents a potential indirect prompt injection surface. However, this is inherent to the nature of security auditing tools, and no actual injection patterns or malicious instructions were found in the provided files.
Ingestion points: Findings are ingested through scripts/process.py via the parse_prowler_output function which reads JSON-OCSF files.
Boundary markers: None explicitly present in the data processing scripts.
Capability inventory: Uses subprocess.run for scanner execution and open() for report generation in both scripts/agent.py and scripts/process.py.
Sanitization: Relies on standard JSON parsing without additional filtering of the content fields.

implementing-cloud-vulnerability-posture-management