setup-security-agent
Installation
SKILL.md
AWS Security Agent — Setup
This skill handles ONE thing: making sure the workspace has a working agent space, IAM service role, and S3 bucket linked together. Scans and pentests live in separate skills and assume this is done.
Local state convention
All Security Agent skills share workspace-local state at .security-agent/:
config.json—{ "agent_space_id": "as-...", "region": "us-east-1", "code_reviews": { "<abs_path>": "cr-..." } }. Account ID, role ARN, and bucket name are derived by convention. Thecode_reviewsmap lets scans reuse the same CodeReview for a workspace.scans.json— array of{ scan_id, code_review_id, job_id, agent_space_id, scan_type, title, started_at, status, path }(keep last 50)pentests.json— same shape, for pentest jobs.gitignore— contents*so this directory stays untrackedfindings-{scan_id}.md— written by the scan skill after each scan completes
This skill's job is to populate config.json and create .gitignore.