performing-container-image-hardening

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/process.py utility uses the subprocess module to execute docker inspect and docker run commands. These calls are used to gather image metadata and verify that the container image does not provide shell access. The commands are implemented using argument lists to avoid shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The Dockerfiles and workflow examples pull base images (e.g., Python slim, Distroless) and security tools (e.g., Trivy, Docker Bench for Security) from trusted public registries.
  • [DATA_EXFILTRATION]: The scripts/agent.py script is designed to send an authentication token to a user-provided target URL. While this is functional for an audit agent communicating with an API, it represents a standard network operation that requires the user to ensure the destination endpoint is trusted.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 09:38 PM