security-scanning-security-hardening

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the execution of multiple security assessment and remediation tools, including Semgrep, OWASP ZAP, and GitLeaks, via specialized subagent types.
  • [EXTERNAL_DOWNLOADS]: The workflow incorporates dependencies on external security databases and tools such as Snyk and Trivy, which are well-known technology services for vulnerability and dependency auditing.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes external systems or codebases provided via the $ARGUMENTS variable.
    1. Ingestion points: The $ARGUMENTS parameter, which accepts arbitrary target information for scanning.
    2. Boundary markers: No delimiters or specific 'ignore instructions' warnings are present in the prompts to distinguish untrusted content.
    3. Capability inventory: Orchestrated agents have permissions to modify code, configure infrastructure (WAF, Network Policies), and manage secrets.
    4. Sanitization: There is no evidence of explicit sanitization or input validation for the processed content before it influences subagent actions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 11:46 AM