AgentSkillsCN

cicd-vulnerabilities

OWASP CI/CD 十大漏洞知识库,用于识别、评估并修复持续集成与持续交付环境中的安全风险。

SKILL.md
--- frontmatter
name: cicd-vulnerabilities
description: OWASP CI/CD Top 10 vulnerability knowledge base for identifying, assessing, and remediating security risks in continuous integration and continuous delivery environments.
license: MIT
metadata:
  authors: "OWASP CI/CD Security Project"
  spec_version: "1.0"
  framework_revision: "1.0.0"
  last_updated: "2026-02-16"
  skill_based_on: "https://github.com/chris-buckley/agnostic-prompt-standard"
  content_based_on: "https://owasp.org/www-project-top-10-ci-cd-security-risks/"

CI/CD Vulnerabilities — Skill Entry

This SKILL.md is the entrypoint for the CI/CD Vulnerabilities skill.

The skill encodes the OWASP Top 10 CI/CD Security Risks as structured, machine-readable references that an agent can query to identify, assess, and remediate CI/CD pipeline security risks.

Normative references (CI/CD Top 10)

  1. 00 Vulnerability Index
  2. 01 Insufficient Flow Control Mechanisms
  3. 02 Inadequate Identity and Access Management
  4. 03 Dependency Chain Abuse
  5. 04 Poisoned Pipeline Execution
  6. 05 Insufficient PBAC
  7. 06 Insufficient Credential Hygiene
  8. 07 Insecure System Configuration
  9. 08 Ungoverned Usage of 3rd Party Services
  10. 09 Improper Artifact Integrity Validation
  11. 10 Insufficient Logging and Visibility

Skill layout

  • SKILL.md — this file (skill entrypoint).
  • references/ — the CI/CD Top 10 normative documents.
    • 00-vulnerability-index.md — master index of all vulnerability identifiers, categories, and cross-references.
    • 01 through 10 — one document per vulnerability aligned with OWASP CI/CD Security numbering.
  • assets/ — reusable format and constants blocks.
    • constants/ — vulnerability catalog and category definitions.
      • constants-cicd-catalog-v1.0.0.md
    • formats/ — output contract examples.
      • format-vulnerability-assessment-v1.0.0.md
      • format-remediation-checklist-v1.0.0.md