implementing-zero-trust-network-access

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate instructions for configuring identity-aware proxies and micro-segmentation on AWS, Azure, and GCP.
  • [COMMAND_EXECUTION]: The file scripts/agent.py uses the subprocess.run method to call aws and gcloud CLI tools. The script uses list-based arguments without a shell, which is a security best practice to prevent command injection. These commands are restricted to read-only 'describe' and 'list' operations for infrastructure assessment.
  • [DATA_EXFILTRATION]: No network exfiltration was detected. The assessment script outputs results to the console and saves a detailed report to a local JSON file. All OIDC and API endpoints referenced in the documentation belong to well-known trusted services (Microsoft, Google).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:33 PM