The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and processes untrusted data from external Fortify Software Security Center (SSC) servers, including vulnerability descriptions, audit history, and AI-generated remediation advice from 'Fortify Aviator'. \n- Ingestion points: Data enters the context via tools such as fcli_ssc_issue_list and fcli_ssc_appversion_get, specifically when retrieving issue details and comments as described in references/provide-recommendations.md. \n- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the ingested data as untrusted or to ignore embedded commands. \n- Capability inventory: The skill enables the agent to execute a wide range of shell commands through the fcli toolset, including scan management and file packaging. \n- Sanitization: No sanitization or validation of server-provided strings is performed before the agent presents the content to the user or acts upon it.\n- [COMMAND_EXECUTION]: The skill utilizes the fcli command-line interface to interact with Fortify products. It performs standard operations such as listing applications, counting issues, and managing scans based on user requests.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the download of ScanCentral client components using the fcli_ssc_action_package tool when the --sc-client-version parameter is set to 'latest'. This is a standard administrative functionality for maintaining tool compatibility with the server infrastructure.

fortify-onprem