skills/mukul975/anthropic-cybersecurity-skills/implementing-sigstore-for-software-signing/Gen Agent Trust Hub
implementing-sigstore-for-software-signing
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the rekor.sigstore.dev API and directs users to download the cosign tool from its official GitHub releases. These are standard operations for the Sigstore ecosystem.
- [COMMAND_EXECUTION]: The provided Python agent uses subprocess.run to call the cosign and rekor-cli binaries. It correctly passes arguments as a list, which prevents command injection vulnerabilities.
- [DATA_EXFILTRATION]: Artifact metadata, such as SHA-256 hashes, is sent to the public Rekor transparency log as part of the signing process. This behavior is documented and required for the skill's functionality, with no sensitive data exposure detected.
- [SAFE]: No malicious patterns, such as prompt injection or persistence mechanisms, were found in the instructions or scripts.