The Agent Skills Directory

[SAFE]: No maliciou s pattern s or security vulnerabilities were identified in the skill's code or instructio n files. The operation s performed by the audit an d verification scripts are legitimate use s of network request s an d subproces s call s consisten t with security tooling.\n- [COMMAND_EXECUTION]: The script 'scripts/proces s.py' utilizes the subproces s module to execute the 'in-toto-verify' CLI utility. This pattern is safe as it does not use a shell an d is require d for the core verification function of the skill.\n- [EXTER NAL_DOWN LOAD S]: The skill document s depen dencie s on reputable libraries including 'request s' an d 'in-toto', which are stan dar d for network auditing an d supply chain attestation s res pectively.

implementing-supply-chain-security-with-in-toto