CI/CD Vulnerabilities — Skill Entry
This SKILL.md is the entrypoint for the CI/CD Vulnerabilities skill.
The skill encodes the OWASP Top 10 CI/CD Security Risks as structured, machine-readable references that an agent can query to identify, assess, and remediate CI/CD pipeline security risks.
Normative references (CI/CD Top 10)
- •00 Vulnerability Index
- •01 Insufficient Flow Control Mechanisms
- •02 Inadequate Identity and Access Management
- •03 Dependency Chain Abuse
- •04 Poisoned Pipeline Execution
- •05 Insufficient PBAC
- •06 Insufficient Credential Hygiene
- •07 Insecure System Configuration
- •08 Ungoverned Usage of 3rd Party Services
- •09 Improper Artifact Integrity Validation
- •10 Insufficient Logging and Visibility
Skill layout
- •
SKILL.md— this file (skill entrypoint). - •
references/— the CI/CD Top 10 normative documents.- •
00-vulnerability-index.md— master index of all vulnerability identifiers, categories, and cross-references. - •
01through10— one document per vulnerability aligned with OWASP CI/CD Security numbering.
- •
- •
assets/— reusable format and constants blocks.- •
constants/— vulnerability catalog and category definitions.- •
constants-cicd-catalog-v1.0.0.md
- •
- •
formats/— output contract examples.- •
format-vulnerability-assessment-v1.0.0.md - •
format-remediation-checklist-v1.0.0.md
- •
- •