skills/mehdic/bazinga/security-scan/Gen Agent Trust Hub

security-scan

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs various security scanning tools (including bandit, semgrep, gosec, and brakeman) from well-known package registries such as PyPI, NPM, RubyGems, and GitHub if they are not already installed in the environment.
  • [COMMAND_EXECUTION]: Executes local shell and PowerShell scripts to perform language detection, tool coordination, and database management. It also executes internal Python scripts to track session data and save results to a local SQLite database.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it processes and summarizes output generated by external security scanners which could contain malicious content designed to influence the agent.
      • Ingestion points: Reads from tool-generated reports at bazinga/artifacts/{SESSION_ID}/skills/security_scan.json.
      • Boundary markers: Absent; the instructions do not specify delimiters or instructions to ignore embedded commands within scanner findings.
      • Capability inventory: Extensive shell command execution via the Bash tool and file system access via the Read tool.
      • Sanitization: The skill parses structured JSON data but interpolates raw findings (titles/descriptions) directly into the final summary report provided to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 08:23 PM