fix: resolve all 25 agent-bom skill audit findings

skills/cspm-aws-cis-benchmark/SKILL.md

@@ -12,6 +12,8 @@ compatibility: >-
   (read-only). No write permissions needed — assessment only.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/cspm-aws-cis-benchmark
   version: 0.1.0
   frameworks:
     - CIS AWS Foundations v3.0

skills/cspm-azure-cis-benchmark/SKILL.md

@@ -13,6 +13,8 @@ compatibility: >-
   Service principal needs Reader role. No write permissions — assessment only.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/cspm-azure-cis-benchmark
   version: 0.1.0
   frameworks:
     - CIS Azure Foundations v2.1

skills/cspm-gcp-cis-benchmark/SKILL.md

@@ -12,6 +12,8 @@ compatibility: >-
   No write permissions — assessment only.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/cspm-gcp-cis-benchmark
   version: 0.1.0
   frameworks:
     - CIS GCP Foundations v3.0

skills/discover-environment/SKILL.md

@@ -14,12 +14,17 @@ compatibility: >-
   Read-only — uses only viewer/audit permissions. No write access.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/discover-environment
   version: 0.1.0
   frameworks:
     - MITRE ATT&CK
     - MITRE ATLAS
     - NIST CSF 2.0
   cloud: multi
+  optional_bins:
+    - docker
+    - kubectl
 ---
 
 # Cloud Environment Discovery

skills/gpu-cluster-security/SKILL.md

@@ -15,13 +15,18 @@ compatibility: >-
   no API calls, no network access required.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/gpu-cluster-security
   version: 0.1.0
   frameworks:
     - MITRE ATT&CK
     - NIST CSF 2.0
     - CIS Controls v8
     - CIS Kubernetes Benchmark
   cloud: any
+  optional_bins:
+    - docker
+    - kubectl
 ---
 
 # GPU Cluster Security Benchmark

skills/iam-departures-remediation/SKILL.md

@@ -14,6 +14,8 @@ compatibility: >-
   clickhouse-connect, or httpx (Workday API).
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/iam-departures-remediation
   version: 0.2.0
   frameworks:
     - MITRE ATT&CK

skills/iam-departures-remediation/examples.md

@@ -32,8 +32,10 @@ aws cloudformation create-stack-set \
 # Set Snowflake credentials
 export SNOWFLAKE_ACCOUNT=myorg-myaccount
 export SNOWFLAKE_USER=svc_iam_reconciler
-export SNOWFLAKE_PASSWORD="$(aws secretsmanager get-secret-value \
-  --secret-id iam-reconciler/snowflake --query SecretString --output text)"
+# Retrieve password from your secrets manager (Secrets Manager, Vault, etc.)
+# Do NOT hardcode credentials. Example using AWS Secrets Manager CLI:
+#   aws secretsmanager get-secret-value --secret-id iam-reconciler/snowflake
+export SNOWFLAKE_PASSWORD="<from-secrets-manager>"
 
 # Set AWS config
 export AWS_ACCOUNT_ID=111111111111

skills/model-serving-security/SKILL.md

@@ -14,6 +14,8 @@ compatibility: >-
   no API calls, no network access required.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/model-serving-security
   version: 0.1.0
   frameworks:
     - MITRE ATLAS

skills/vuln-remediation-pipeline/SKILL.md

@@ -15,6 +15,8 @@ compatibility: >-
   config write access.
 metadata:
   author: msaad00
+  homepage: https://github.com/msaad00/cloud-security
+  source: https://github.com/msaad00/cloud-security/tree/main/skills/vuln-remediation-pipeline
   version: 0.1.0
   frameworks:
     - MITRE ATT&CK