performing-service-account-audit

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes the subprocess.run function to execute external commands.
  • It executes powershell with a command to query Get-ADUser for service accounts, retrieving properties like SPNs, password age, and group membership.
  • It executes the aws CLI (aws iam list-users and aws iam list-access-keys) to discover IAM identities and their associated keys.
  • These executions are localized to the audit environment and are necessary for the skill's functionality as an identity auditing tool.
  • [SAFE]: Analysis of the Python scripts (scripts/agent.py and scripts/process.py) confirms they perform legitimate data processing and risk assessment logic.
  • There is no evidence of network exfiltration (network activity is limited to the official AWS CLI tools).
  • There is no obfuscation or use of suspicious encoding.
  • The skill does not attempt to establish persistence or escalate privileges beyond what is required for the audit.
  • [SAFE]: A minor discrepancy exists in the metadata where the SKILL.md lists the author as 'mahipal' while the LICENSE file identifies 'mukul975'. This is typical of template-based skill development and does not represent a security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:59 PM