skills/mukul975/anthropic-cybersecurity-skills/prioritizing-vulnerabilities-with-cvss-scoring/Gen Agent Trust Hub
prioritizing-vulnerabilities-with-cvss-scoring
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's Python scripts (agent.py and process.py) perform network requests to retrieve vulnerability metadata and threat intelligence. These requests are directed to well-known and trusted official repositories: the NIST NVD API (services.nvd.nist.gov), the FIRST EPSS API (api.first.org), and the CISA KEV Catalog (www.cisa.gov). They are documented as safe retrieval of industry-standard security data.
- [COMMAND_EXECUTION]: No usage of dangerous functions like eval(), exec(), or subprocess calls on untrusted input was found. The code uses standard libraries for mathematical calculations and JSON/CSV processing.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission or credential theft. The network activity is strictly limited to 'GET' requests for public vulnerability data.
- [PROMPT_INJECTION]: The markdown documentation and report templates do not contain any instructions aimed at overriding agent behavior or bypassing safety filters.
- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or secrets were detected. The NVD API called in process.py can be used without a key for limited requests, and no key is hardcoded or required in the provided logic.