detecting-supply-chain-attacks-in-ci-cd

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a security auditing tool that performs static analysis on local repository files, including .github/workflows and Dockerfiles, to identify configuration weaknesses.
  • [EXTERNAL_DOWNLOADS]: The agent.py script performs HTTP GET requests to well-known package registries (registry.npmjs.org and pypi.org) to verify package availability as part of its dependency confusion check functionality.
  • [DATA_EXFILTRATION]: No exfiltration patterns were detected. While the skill reads workflow files, it does not transmit their contents externally; network requests are restricted to checking for the existence of package names.
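The dependency confusion check described in the bullets above, as an added example (not the skill's agent.py): it parses a requirements.txt and a package.json, takes an allowlist of names the organisation considers internal, and asks the public registry whether each internal name exists there. The registry endpoints are the two the audit names, and both answer HTTP 404 for an unclaimed name; only the package name is sent, never file contents. The sample manifests, the internal-name allowlist and the offline stand-in registry are constructed for the example.

```python
"""Dependency confusion check: flag internal package names that also exist on
(or are free to claim on) the public npm / PyPI registries.
Added example; not the audited skill's own code."""
import json
import re
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, List, Set

# Public registry endpoints named in the audit. Both return 404 for an unclaimed name.
REGISTRY_URL = {
    "npm": "https://registry.npmjs.org/{name}",
    "pypi": "https://pypi.org/pypi/{name}/json",
}

Lookup = Callable[[str, str], bool]  # (ecosystem, name) -> exists on public registry


def normalize(ecosystem: str, name: str) -> str:
    """Canonical form so 'Acme_Internal.Utils' and 'acme-internal-utils' compare equal."""
    if ecosystem == "pypi":
        return re.sub(r"[-_.]+", "-", name).lower()  # PEP 503 normalisation
    return name.lower()  # npm names are lowercase; the '@scope/' is part of the name


def live_lookup(ecosystem: str, name: str, timeout: float = 5.0) -> bool:
    """GET the registry. Only the package name leaves the machine."""
    url = REGISTRY_URL[ecosystem].format(name=urllib.parse.quote(name, safe="@"))
    req = urllib.request.Request(url, headers={"User-Agent": "dep-confusion-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return False
        raise  # rate limits or outages must not be silently read as "not claimed"


def parse_requirements(text: str) -> List[str]:
    """Package names from a requirements.txt; comments and pip options are skipped."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # -e ., -r other.txt, --index-url ...
            continue
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)", line)
        if m:
            names.append(m.group(1))
    return names


def parse_package_json(text: str) -> List[str]:
    data = json.loads(text)
    names: List[str] = []
    for key in ("dependencies", "devDependencies", "optionalDependencies"):
        names.extend(data.get(key, {}).keys())
    return names


def find_confusable(internal: Dict[str, Set[str]], declared: Dict[str, List[str]],
                    lookup: Lookup) -> List[Dict[str, object]]:
    """Report every declared internal name together with its public-registry state.
    Both states matter: a public hit may be a squat, a miss means an attacker can claim it."""
    findings = []
    for ecosystem, names in declared.items():
        wanted = {normalize(ecosystem, n) for n in internal.get(ecosystem, set())}
        for name in names:
            canon = normalize(ecosystem, name)
            if canon not in wanted:
                continue
            public = lookup(ecosystem, canon)
            findings.append({
                "ecosystem": ecosystem, "package": canon, "public": public,
                "issue": ("exists on public registry: verify the publisher is your org"
                          if public else "not on public registry: free for an attacker to claim"),
            })
    return findings


# Constructed sample inputs (not from any real repository).
SAMPLE_REQUIREMENTS = """\
# internal tooling is served from our private index
requests==2.31.0
Acme_Internal.Utils==1.4.0   # normalises to acme-internal-utils
-e .
"""
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {"lodash": "^4.17.21", "@acme/auth-client": "^2.0.0"},
  "devDependencies": {"acme-telemetry": "1.0.0"}
}"""
INTERNAL = {"pypi": {"acme-internal-utils"}, "npm": {"@acme/auth-client", "acme-telemetry"}}

# Constructed stand-in for the public registries so the example runs offline.
FAKE_PUBLIC = {"pypi": {"requests"}, "npm": {"lodash", "acme-telemetry"}}


def fake_lookup(ecosystem: str, name: str) -> bool:
    return name in FAKE_PUBLIC[ecosystem]


def run_example(lookup: Lookup = fake_lookup) -> List[Dict[str, object]]:
    declared = {"pypi": parse_requirements(SAMPLE_REQUIREMENTS),
                "npm": parse_package_json(SAMPLE_PACKAGE_JSON)}
    return find_confusable(INTERNAL, declared, lookup)


if __name__ == "__main__":
    for finding in run_example():  # pass lookup=live_lookup to query the real registries
        print(finding)
```

Passing `lookup=live_lookup` makes the same scan query registry.npmjs.org and pypi.org, which is the only network traffic the audit attributes to the skill; anything other than 200 or 404 is raised rather than treated as a verdict, so a rate limit cannot masquerade as "name unclaimed".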
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM