securing-serverless-functions
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a diagnostic tool in `scripts/agent.py` that utilizes the `boto3` library to audit AWS Lambda configurations. It also includes instructions for using the AWS CLI to manage IAM roles and function settings. All commands are standard administrative operations intended for security auditing and hardening.
- [EXTERNAL_DOWNLOADS]: The workflow recommends integrating well-known security tools such as Snyk, Semgrep, and Trivy for vulnerability scanning. It also references official GitHub Actions from trusted organizations (e.g., `actions/checkout`, `snyk/actions`, `returntocorp/semgrep-action`). These downloads are from verified, reputable sources and are standard in DevSecOps pipelines.
- [SAFE]: The skill demonstrates a strong security posture by explicitly teaching input validation using `jsonschema` and parameterized database queries to prevent injection attacks. The auditing script performs read-only metadata checks and does not exfiltrate sensitive data or execute arbitrary remote code.
Audit Metadata