performing-container-security-scanning-with-trivy

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run() to execute the trivy command-line tool. The implementation follows security best practices by passing arguments as a list rather than a shell string, effectively mitigating shell injection risks.
  • [EXTERNAL_DOWNLOADS]: The documentation and skill metadata reference official Aqua Security resources and repositories (e.g., github.com/aquasecurity/trivy). These are well-known, trusted sources for cybersecurity tooling.
  • [DATA_EXPOSURE]: The agent script lets users specify an output file path via the --output parameter. While this is standard for CLI utilities, it means the tool can write reports to any location on the local filesystem where the executing agent has write permission.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 06:25 PM