The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py use subprocess.run to execute the Snyk CLI. Commands are built as argument lists and executed without a shell, mitigating the risk of shell injection vulnerabilities.
[EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the Snyk CLI and references official Snyk GitHub Actions. These resources originate from a well-known security service provider and are documented as legitimate parts of the SCA workflow.
[CREDENTIALS_UNSAFE]: The skill avoids hardcoded secrets, correctly instructing users to manage the SNYK_TOKEN using environment variables or repository secrets.
[PROMPT_INJECTION]: The skill processes output from Snyk scanning which involves reading external dependency manifests, creating a surface for indirect prompt injection.
Ingestion points: Vulnerability data is ingested from Snyk CLI JSON output in scripts/agent.py (line 123) and scripts/process.py (line 62).
Boundary markers: Absent; the scripts parse the structured JSON output directly.
Capability inventory: The scripts execute the Snyk CLI via subprocess.run and write report files to the local filesystem.
Sanitization: Package names and vulnerability titles are not explicitly sanitized before inclusion in reports or SARIF output.

performing-sca-dependency-scanning-with-snyk