security-agent-discovery
Discover, inspect, import, refresh, and export Security Agent vulnerability data from a pip-installed setup. Use when Codex needs to list Azure Defender findings, filter by repo/severity/CVE/fixable state, refresh the local UI vulnerability cache, import Security Platform findings through explicit cookie and DPoP values, or explain discovery-only workflows without cloning the controller repo.
Security Agent Discovery
Use this skill for read-only vulnerability discovery and data ingestion from a pip-installed Security Agent setup. Do not start fixes, clone repos, push branches, or create PRs from this workflow.
Preflight
Run from the central workspace. If any command fails, use $security-agent-setup.
cd ~/security-agent
test -f .env
.venv/bin/edi-security-agent --version
Use only the pip-installed CLI/UI from ~/security-agent. Do not call repo-local Python modules, Azure fetcher scripts, or files from edi-security-agent-controller.
If setup needs Artifactory credentials, route to $security-agent-setup for the opt-in chat credential forwarding flow or own-Terminal fallback.
If plain pip3 or a global edi-security-agent works but .venv/bin/edi-security-agent is missing, do not use the global install. Explain the pip-scope mismatch and route to $security-agent-setup so the package is installed into ~/security-agent/.venv.
Workflow
- Prefer Azure Defender as the primary source. Required live Defender config is
AZURE_REGISTRY_NAMEandAZURE_ASSESSMENT_KEY;AZURE_SUBSCRIPTION_IDis strongly recommended. - Use explicit CLI listing for terminal workflows:
.venv/bin/edi-security-agent defender list --severity high
.venv/bin/edi-security-agent defender list --repo edi-claim-pacdr-batch-intake --severity high
.venv/bin/edi-security-agent defender list --repo edi-claim-pacdr-batch-intake --fixable-only
.venv/bin/edi-security-agent defender list --severity high --format json
- Treat
--severity highas a minimum threshold for CLI Defender listing. It includescriticalandhigh. - For UI cache refresh, use the API only when the local UI/server is running:
curl -X POST "http://127.0.0.1:8000/api/vulns/refresh?source=azure-defender"
- For Security Platform import, use only explicit user-provided
ASK ID, session cookie, and DPoP through the UI/API. Never invent, persist, or log credential values. - Use exports only for reporting and analysis. Export mode is handled by
/api/vulns/export.
Repo Names
Normalize Azure image repositories from iedi-* to GitHub-style edi-* when comparing with repo names. If the requested repo is ambiguous, list candidate repos and ask for the exact one before any fix workflow.
Safety
- Discovery is deterministic and does not use AI for remediation.
- Do not run
defender fixfrom this skill. - Do not bypass the installed CLI by running repo-local scripts or Python modules.
- Do not store cookies, DPoP values, GitHub tokens, OAuth secrets, or Azure credentials in files.
- If the user asks to fix or remediate findings, switch to the local-fix or CCA-fix skill.
Related Assets
security-agent-local-fix
Run local Security Agent remediation from a pip-installed setup with the Codex executor. Use when Codex needs to plan or execute edi-security-agent defender fix with --executor codex or --executor local, dry-run Maven CVE remediation, apply local fixes, create Git branches/PRs, or explain the local autonomous Codex remediation path without cloning the controller repo.
Owner: edi-security-agent
security-agent-setup
Set up Security Agent for users who have not cloned the controller repo. Use when Codex needs to create ~/security-agent, create a Python virtual environment, install the pip3 package edi-security-agent, explain private Artifactory package index setup when package install fails, verify edi-security-agent --version, guide local .env creation for Azure Defender and optional GitHub/OpenAI values, verify az login, or troubleshoot private package index configuration.
Owner: edi-security-agent
security-agent-ui-runs
Operate the Security Agent local FastAPI/UI workflow from a pip-installed setup. Use when Codex needs to start or inspect edi-security-agent-ui, refresh vulnerability data in the local SQLite cache, use the natural-language chat workflow, create/monitor/cancel UI runs, or explain local dashboard run behavior without cloning the controller repo.
Owner: edi-security-agent
security-agent-cca-fix
Run or explain Security Agent remediation through GitHub Copilot Cloud Agent from a pip-installed setup. Use when Codex needs to use --executor cca or --executor auto, create remote Copilot/CCA remediation tasks, reason about CCA budget/status, or compare local Codex execution with remote GitHub Cloud Agent execution without cloning the controller repo.
Owner: edi-security-agent
MCP Server Development Standards (Optum)
Standards, patterns, and guardrails for building Model Context Protocol (MCP) servers compatible with Wall-E, VS Code Copilot, and enterprise systems.
Owner: epic-platform-sre
harmony-sdk-discovery
Discover and explore available Harmony components and APIs from installed packages
Owner: pcorazao

