Skip to content

security-agent-discovery

Discover, inspect, import, refresh, and export Security Agent vulnerability data from a pip-installed setup. Use when Codex needs to list Azure Defender findings, filter by repo/severity/CVE/fixable state, refresh the local UI vulnerability cache, import Security Platform findings through explicit cookie and DPoP values, or explain discovery-only workflows without cloning the controller repo.

active
IDE:
codex
Version:
1.0.0
Owner:edi-security-agent
security
azure-defender
vulnerability
discovery
cve
optum
edi

Security Agent Discovery

Use this skill for read-only vulnerability discovery and data ingestion from a pip-installed Security Agent setup. Do not start fixes, clone repos, push branches, or create PRs from this workflow.

Preflight

Run from the central workspace. If any command fails, use $security-agent-setup.

cd ~/security-agent
test -f .env
.venv/bin/edi-security-agent --version

Use only the pip-installed CLI/UI from ~/security-agent. Do not call repo-local Python modules, Azure fetcher scripts, or files from edi-security-agent-controller. If setup needs Artifactory credentials, route to $security-agent-setup for the opt-in chat credential forwarding flow or own-Terminal fallback. If plain pip3 or a global edi-security-agent works but .venv/bin/edi-security-agent is missing, do not use the global install. Explain the pip-scope mismatch and route to $security-agent-setup so the package is installed into ~/security-agent/.venv.

Workflow

  1. Prefer Azure Defender as the primary source. Required live Defender config is AZURE_REGISTRY_NAME and AZURE_ASSESSMENT_KEY; AZURE_SUBSCRIPTION_ID is strongly recommended.
  2. Use explicit CLI listing for terminal workflows:
.venv/bin/edi-security-agent defender list --severity high
.venv/bin/edi-security-agent defender list --repo edi-claim-pacdr-batch-intake --severity high
.venv/bin/edi-security-agent defender list --repo edi-claim-pacdr-batch-intake --fixable-only
.venv/bin/edi-security-agent defender list --severity high --format json
  1. Treat --severity high as a minimum threshold for CLI Defender listing. It includes critical and high.
  2. For UI cache refresh, use the API only when the local UI/server is running:
curl -X POST "http://127.0.0.1:8000/api/vulns/refresh?source=azure-defender"
  1. For Security Platform import, use only explicit user-provided ASK ID, session cookie, and DPoP through the UI/API. Never invent, persist, or log credential values.
  2. Use exports only for reporting and analysis. Export mode is handled by /api/vulns/export.

Repo Names

Normalize Azure image repositories from iedi-* to GitHub-style edi-* when comparing with repo names. If the requested repo is ambiguous, list candidate repos and ask for the exact one before any fix workflow.

Safety

  • Discovery is deterministic and does not use AI for remediation.
  • Do not run defender fix from this skill.
  • Do not bypass the installed CLI by running repo-local scripts or Python modules.
  • Do not store cookies, DPoP values, GitHub tokens, OAuth secrets, or Azure credentials in files.
  • If the user asks to fix or remediate findings, switch to the local-fix or CCA-fix skill.

Related Assets

security-agent-local-fix

active

Run local Security Agent remediation from a pip-installed setup with the Codex executor. Use when Codex needs to plan or execute edi-security-agent defender fix with --executor codex or --executor local, dry-run Maven CVE remediation, apply local fixes, create Git branches/PRs, or explain the local autonomous Codex remediation path without cloning the controller repo.

codex
security
maven
cve
remediation
codex
+3

Owner: edi-security-agent

security-agent-setup

active

Set up Security Agent for users who have not cloned the controller repo. Use when Codex needs to create ~/security-agent, create a Python virtual environment, install the pip3 package edi-security-agent, explain private Artifactory package index setup when package install fails, verify edi-security-agent --version, guide local .env creation for Azure Defender and optional GitHub/OpenAI values, verify az login, or troubleshoot private package index configuration.

codex
security
setup
pip
azure-defender
optum
+3

Owner: edi-security-agent

security-agent-ui-runs

active

Operate the Security Agent local FastAPI/UI workflow from a pip-installed setup. Use when Codex needs to start or inspect edi-security-agent-ui, refresh vulnerability data in the local SQLite cache, use the natural-language chat workflow, create/monitor/cancel UI runs, or explain local dashboard run behavior without cloning the controller repo.

codex
security
ui
fastapi
dashboard
vulnerability
+2

Owner: edi-security-agent

security-agent-cca-fix

active

Run or explain Security Agent remediation through GitHub Copilot Cloud Agent from a pip-installed setup. Use when Codex needs to use --executor cca or --executor auto, create remote Copilot/CCA remediation tasks, reason about CCA budget/status, or compare local Codex execution with remote GitHub Cloud Agent execution without cloning the controller repo.

codex
security
cca
github
copilot
remediation
+3

Owner: edi-security-agent

MCP Server Development Standards (Optum)

experimental

Standards, patterns, and guardrails for building Model Context Protocol (MCP) servers compatible with Wall-E, VS Code Copilot, and enterprise systems.

claude
codex
vscode
mcp
sdk
wall-e
security
optum

Owner: epic-platform-sre

harmony-sdk-discovery

active

Discover and explore available Harmony components and APIs from installed packages

claude
codex
vscode
harmony
react
discovery
sdk
components
+1

Owner: pcorazao