The Agent Skills Directory

[SAFE]: A thorough analysis of the skill documentation and scripts revealed no indicators of prompt injection, obfuscation, or malicious intent.\n- [COMMAND_EXECUTION]: The provided assessment tool (scripts/agent.py) executes local cloud CLI commands (aws, gcloud) to audit infrastructure. These commands are executed using structured argument lists with subprocess.run, which is a secure implementation that prevents shell injection.\n- [EXTERNAL_DOWNLOADS]: The skill workflow and scripts reference official endpoints for Microsoft Graph and Google Cloud APIs, as well as documentation from trusted cloud providers. These references are essential for the skill's stated purpose and target well-known, trusted services.\n- [CREDENTIALS_UNSAFE]: All sensitive configuration parameters in the guides (such as CLIENT_ID, CLIENT_SECRET, and TENANT_ID) are clearly marked with placeholders, preventing any risk of hardcoded credential exposure.

implementing-zero-trust-network-access