secure-skill-repo-ingestion
Community
Secure repo ingestion with automated checks.
System Documentation
What problem does it solve?
Security checks for repository ingestion — scans repos for poisoned examples, dependency and supply-chain attacks, file/path traversal, format-based attacks, and enforces quarantine-before-commit. Load as part of the secure-* skill sequence whenever an agent reads, ingests, or learns from a GitHub repository. Also load when the user asks to check a repo for poisoned code, scan dependencies, verify supply chain safety, check for path traversal, scan repo files for attacks, or audit a repo before ingestion. Covers Issues 3, 4, 7, 8 from the agent security threat model: poisoned training data, dependency attacks, file/path attacks, and format-based attacks.
Core Features & Use Cases
- Three-layer ingestion model: Observe → Judge → Commit. No repo content enters the skill store without passing the checks.
- Check 7–10 framework: Poisoned Examples (Check 7), Dependency & Supply-Chain Scan (Check 8), File/Path Attacks (Check 9), and Format-Based Attacks (Check 10); quarantine-before-commit requirement.
- Workflow: Ingest repository content safely and provide auditable provenance for security reviews.
Quick Start
Audit a repository before ingestion to ensure it is safe from poisoned data, vulnerable dependencies, and path traversal risks.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: secure-skill-repo-ingestion Download link: https://github.com/dvy1987/agent-loom/archive/main.zip#secure-skill-repo-ingestion Please download this .zip file, extract it, and install it in the .claude/skills/ directory.