skills/trailofbits/skills/codeql/Gen Agent Trust Hub

codeql

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates the CodeQL lifecycle using Bash scripts to manage database creation, analysis, and result processing.
      • Uses standard system utilities (fd, rg, grep, sed, awk) for language detection and configuration management.
      • Invokes project-specific build systems (Make, CMake, Gradle, Maven, Cargo, .NET) to trace compilation during database construction.
      • Implements a sophisticated multi-step tracing workaround for macOS Apple Silicon to resolve architecture mismatches between system tools and CodeQL tracers.
  • [EXTERNAL_DOWNLOADS]: To ensure accurate analysis, the skill facilitates the installation of project dependencies required for CodeQL extraction.
      • Supports standard package managers (npm, pip, go mod, gradle, cargo) to resolve dependencies based on detected project configuration files.
      • Recommends the installation of necessary build tools via Homebrew (llvm, make) for specific macOS environments, ensuring the user maintains control over the system state.
  • [DYNAMIC_EXECUTION]: Generates runtime configurations and processes analysis outputs dynamically.
      • Builds custom CodeQL query suites (.qls files) at runtime for 'Important-only' and 'Run-all' modes, ensuring uniform query application across official and third-party packs.
      • Creates data extension YAML files to model project-specific APIs, which are then deployed to the CodeQL pack cache to improve data flow coverage.
      • Utilizes jq and python3 for efficient processing of SARIF results and the calculation of quality metrics.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the analyzed codebase, representing an indirect injection surface.
      • Analyzes project source code using Grep to identify security-relevant API patterns for modeling.
      • Interprets SARIF vulnerability reports produced by CodeQL to provide summaries to the user, using structured processing (jq) to minimize the risk of malicious content influencing the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 04:23 AM