The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses Python's subprocess.run to execute security tools like npm audit, safety, and cargo audit. These calls use argument lists rather than shell strings, which is a best practice for preventing command injection.
[EXTERNAL_DOWNLOADS]: The implementation playbooks and CI/CD examples include instructions for installing official security scanning utilities from trusted package registries like PyPI, the NPM registry, and Go's module proxy. These downloads are standard for the skill's intended purpose.

security-scanning-security-dependencies