implementing-infrastructure-as-code-security-scanning

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py invoke external command-line tools (checkov and tfsec) to perform security audits. These invocations use Python's subprocess.run with list-based arguments, which is a secure implementation that avoids shell interpolation and protects against command injection.
  • [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions for installing checkov via standard package managers. checkov is a widely recognized and trusted open-source security tool provided by Bridgecrew.
  • [PROMPT_INJECTION]: This skill possesses an indirect prompt injection surface because it processes untrusted data from local infrastructure configuration files.
      • Ingestion points: The scripts read files and directories specified via CLI arguments in scripts/agent.py and scripts/process.py.
      • Boundary markers: The scripts do not use explicit delimiters to separate scanned content from processing logic, though they treat the content as data for analysis.
      • Capability inventory: The skill uses subprocess.run to call external scanners and writes scan results to JSON files via json.dump.
      • Sanitization: Results are parsed using json.loads and processed as structured data, which is appropriate for its role as a diagnostic security tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 12:00 AM