The Agent Skills Directory

[SAFE]: The skill facilitates legitimate security auditing of container images using Trivy, a reputable and widely adopted open-source tool. The logic in the scripts and documentation is consistent with industry-standard security practices for vulnerability management.\n- [COMMAND_EXECUTION]: The Python scripts agent.py and process.py utilize the subprocess.run function with command arguments passed as lists. This approach correctly avoids the use of a shell (shell=False is default), which mitigates the risk of shell injection vulnerabilities when handling image references or configuration parameters.\n- [EXTERNAL_DOWNLOADS]: The skill provides installation steps and update procedures that reference official Aqua Security domains (aquasecurity.github.io) and GitHub Actions. These are trusted, well-known sources for the Trivy tool and its vulnerability database updates, adhering to the trusted vendor guidelines.\n- [DATA_EXFILTRATION]: Analysis of the Python scripts confirms that no sensitive local files (such as SSH keys or cloud credentials) are accessed or transmitted. Network activity is limited to downloading the necessary vulnerability signatures and interacting with container registries as configured by the end-user.\n- [PROMPT_INJECTION]: The documentation and code do not contain instructions aimed at overriding agent behavior or bypassing safety filters. All instructions are focused on the technical operation of the Trivy scanner.

scanning-docker-images-with-trivy