harden

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard shell commands (find, ls) for repository discovery to identify source files, build manifests (like pyproject.toml or Cargo.toml), and CI/CD configurations.
  • [COMMAND_EXECUTION]: It executes several industry-standard security scanning tools, including bandit, pip-audit, osv-scanner, and semgrep for Python, and cargo audit, cargo deny, cargo vet, and cargo mutants for Rust, to identify vulnerabilities and policy violations.
  • [COMMAND_EXECUTION]: The skill manages the lifecycle of security remediations using Git commands (git add, git commit, git revert), ensuring that all changes are applied as discrete, reversible commits.
  • [COMMAND_EXECUTION]: After applying security patches, the skill executes the project's internal validation tools (such as make test, make lint, and make type-check) to verify that the changes do not introduce functional regressions, automatically reverting any commit that fails these checks.
  • [INDIRECT_PROMPT_INJECTION]: Although the skill processes untrusted repository data, it mitigates injection risks through a multi-layered verification approach: all findings must be verified against source code using a dedicated citation script (citation_verifier.py), and all remediations require explicit human approval before being applied.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 12:20 PM
Security Audit — agent-trust-hub — harden