skills/mukul975/anthropic-cybersecurity-skills/triaging-vulnerabilities-with-ssvc-framework/Gen Agent Trust Hub
triaging-vulnerabilities-with-ssvc-framework
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches data from official cybersecurity sources including CISA's KEV catalog, the FIRST EPSS API, and the NVD API.\n- [COMMAND_EXECUTION]: Runs local Python scripts to parse and categorize vulnerability data from scan files.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to processing untrusted scanner reports.\n
- Ingestion points: CSV and XML parsing logic in scripts/process.py.\n
- Boundary markers: Absent; delimiters are not used to separate processed data from instructions.\n
- Capability inventory: Network requests (requests.get) and file system writes (json.dump/csv.DictWriter) in agent.py and process.py.\n
- Sanitization: Basic validation of CVE identifier formats is present.
Audit Metadata