integrating-sast-into-github-actions-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The orchestration scripts scripts/agent.py and scripts/process.py use subprocess.run to execute external security tools (semgrep and codeql).
  • Evidence: subprocess.run(cmd, ...) is used in scripts/agent.py (line 18) and scripts/process.py (lines 67, 100).
  • The scripts correctly use list-based arguments instead of shell strings, which mitigates standard shell injection vulnerabilities. The arguments are derived from CLI parameters provided to the scripts.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it parses findings from external security tools without specific sanitization beyond truncation.
  • Ingestion points: The parse_sarif function in scripts/process.py (line 123) and parse_semgrep_results in scripts/agent.py (line 30) read JSON data generated by scanning tools.
  • Boundary markers: No explicit delimiters or instructions are used to separate untrusted data fields (like vulnerability messages) from the agent's logic.
  • Capability inventory: The skill has the capability to execute shell commands and write files.
  • Sanitization: Finding messages are truncated to specific lengths but are not sanitized for potential injection patterns before being included in consolidated reports.
  • [Metadata Poisoning]: There is a minor inconsistency in author metadata between the skill frontmatter and the license file.
  • Evidence: SKILL.md lists the author as 'mahipal', while the LICENSE file attributes copyright to 'mukul975'.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 07:13 PM