auditing-python-security

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/security_scan.py automates the execution of third-party security auditing tools such as bandit, pip-audit, safety, and detect-secrets. These commands are invoked using the subprocess.run function with arguments passed as a list and shell=False, which is the secure and recommended method for process execution, mitigating risk of command injection from manipulated input paths.
  • [SAFE]: The documentation in SKILL.md promotes high-quality security practices, including parameterized SQL queries, environment variable usage for secrets, and rigorous path validation. No evidence of prompt injection, data exfiltration, or persistence mechanisms was found.
  • [SAFE]: The skill processes project files for auditing. Ingestion points: files within the specified project_path. Boundary markers: None. Capability inventory: executes security tools and writes reports. Sanitization: use of list-based arguments and Path objects prevents path traversal or command injection during file handling.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 11:31 AM