scanning-containers-with-trivy-in-cicd

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No security issues or malicious patterns were identified in the skill content or scripts.
  • [COMMAND_EXECUTION]: The included scripts (scripts/agent.py and scripts/process.py) execute the trivy CLI using the subprocess.run method with argument lists. This implementation adheres to security best practices by avoiding shell execution, effectively preventing command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill references official and trusted resources for vulnerability scanning, namely the aquasecurity/trivy-action GitHub Action and the aquasec/trivy Docker image. These components are noted neutrally because they originate from a well-known and reputable security vendor.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 03:56 PM