Imran Siddique
|
e95bd8c4ba
|
feat: add 3 agent security skills (MCP audit, OWASP compliance, supply chain) (#1248)
* feat: add 3 agent security skills (MCP audit, OWASP compliance, supply chain)
- mcp-security-audit: Audit .mcp.json files for hardcoded secrets,
shell injection, unpinned versions, dangerous command patterns
- agent-owasp-compliance: Check agent systems against OWASP ASI 2026
Top 10 risks with compliance report generation
- agent-supply-chain: SHA-256 integrity manifests, tamper detection,
version pinning audit, promotion gates for agent plugins
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* fix: address all 9 review comments
1. Added 3 new skills to docs/README.skills.md index
2. Added imports (json, re) to shell injection check snippet
3. Updated unpinned deps wording to match code behavior (@latest only)
4. Moved check_secrets() outside per-server loop to avoid duplicates
5. Added imports note to verify_manifest snippet
6. Updated promotion_check to support both .github/plugin and .claude-plugin layouts
7. Updated CI example to cd into plugin directory before verifying
8. Added check sections for all 10 ASI controls (was missing 03, 04, 06, 08, 10)
9. Made ASI-01 code snippet runnable with actual file scanning implementation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* chore: regenerate docs/README.skills.md via npm start
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---------
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
|
2026-04-09 15:33:08 +10:00 |
|