performing-endpoint-vulnerability-remediation

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the Known Exploited Vulnerabilities (KEV) catalog from CISA's official JSON feed and exploit probability scores from the FIRST.org EPSS API. These are well-known and trusted cybersecurity services. Additionally, the documentation references the installation of the PSWindowsUpdate PowerShell module from the standard gallery for patch management.
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes subprocess.run to execute the wmic command. This is used to query the local system for installed hotfixes and is a standard administrative practice for auditing patch levels.
  • [DATA_EXFILTRATION]: While the skill communicates with external APIs (cisa.gov and first.org), it only transmits public CVE identifiers to retrieve risk scoring. No sensitive endpoint data or credentials are exfiltrated.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:48 PM