vulnerability-remediation

Fail

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform essential development tasks, including executing git commands for version control, managing containers with docker pull, and updating backend dependencies via go get.
  • [EXTERNAL_DOWNLOADS]: Retrieves component version and tag information from Docker Hub's API (registry.hub.docker.com). This is categorized as a safe operation as it targets a well-known service for data retrieval relevant to the skill's purpose.
  • [REMOTE_CODE_EXECUTION]: Employs a pattern of piping curl output from Docker Hub to a local python3 command for JSON parsing. Although this involves remote data, it is used here specifically for parsing a list of image tags from a well-known service.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it ingests and processes content from external SARIF evidence files which could be manipulated to influence the agent's behavior.
    • Ingestion points: External data enters the agent's context when SARIF files are downloaded via the download_evidence_by_digest tool and subsequently parsed (referenced in SKILL.md).
    • Boundary markers: Absent. The skill does not employ specific delimiters or instructions to prevent the agent from obeying instructions that might be embedded in the report data.
    • Capability inventory: The agent has significant capabilities, including the ability to execute shell commands (Bash), modify source code (Edit), and create GitHub pull requests (gh pr create).
    • Sanitization: Absent. There is no evidence of sanitization or strict schema validation on the SARIF content before it is used to determine remediation steps.
Recommendations
  • HIGH: Downloads and executes remote code from: https://registry.hub.docker.com/v2/repositories/arigaio/atlas/tags?page_size=20&ordering=last_updated - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 28, 2026, 07:48 AM