The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py execute the trivy command-line utility to perform container and configuration scans. These scripts correctly use subprocess.run() with a list of arguments rather than a single shell string, effectively mitigating the risk of shell injection.
[EXTERNAL_DOWNLOADS]: The skill documentation and CI/CD templates reference official GitHub Actions (aquasecurity/trivy-action) and Docker images (aquasec/trivy) provided by Aqua Security. These are well-known and trusted sources within the DevSecOps ecosystem.
[DATA_EXPOSURE]: The Dockerfile template in assets/template.md includes a standard health check instruction using Python's urllib.request. This operation is restricted to localhost and is a routine practice for container health monitoring, posing no risk of external data exfiltration.
[REMOTE_CODE_EXECUTION]: While the skill involves executing the Trivy binary, the execution is scoped to the tool's intended purpose. The scripts do not download or execute arbitrary code from untrusted remote sources.

scanning-containers-with-trivy-in-cicd