generating-security-audit-reports

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes external vulnerability scan data (e.g., from Nmap, Nessus, Trivy) located in ${CLAUDE_SKILL_DIR}/security/. This is a surface for indirect prompt injection where malicious content in a scan log could attempt to divert the agent's logic.
    • Ingestion points: ${CLAUDE_SKILL_DIR}/security/ referenced in SKILL.md.
    • Boundary markers: Absent.
    • Capability inventory: Bash, Write, Edit.
    • Sanitization: None described in the processing instructions.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard security utilities (Nmap, Trivy, etc.) and bundled Python scripts. These operations are restricted by the allowed-tools YAML frontmatter and are necessary for the skill's primary function.
  • [EXTERNAL_DOWNLOADS]: The documentation contains references to official industry sources such as OWASP, MITRE CWE, and NIST. These are well-known technology organizations and are used for reference and compliance mapping, presenting no security risk.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 02:11 AM
Security Audit — agent-trust-hub — generating-security-audit-reports