dreadnode · GangGreenTemperTatum · May 22, 2026 · May 22, 2026
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -109,21 +109,20 @@ jobs:
 
           CAPS_JSON='${{ needs.detect-changes.outputs.capabilities }}'
           for cap in $(echo "${CAPS_JSON}" | jq -r '.[]'); do
-            cap_dir="capabilities/${cap}"
-            if [[ ! -d "${cap_dir}" ]]; then
+            skills_dir="capabilities/${cap}/skills"
+            if [[ ! -d "${skills_dir}" ]]; then
               continue
             fi
 
-            skill_count=$(find "${cap_dir}" -name "SKILL.md" -type f 2>/dev/null | wc -l | tr -d ' ')
+            skill_count=$(find "${skills_dir}" -name "SKILL.md" -type f 2>/dev/null | wc -l | tr -d ' ')
             if [[ "${skill_count}" -eq 0 ]]; then
-              echo "==> ${cap_dir}/ — no skills, skipping"
+              echo "==> ${skills_dir}/ — no skills, skipping"
               continue
             fi
 
-            echo "==> Scanning ${cap_dir}/ (${skill_count} skills)"
-            uvx --from cisco-ai-skill-scanner skill-scanner scan-all "${cap_dir}" \
+            echo "==> Scanning ${skills_dir}/ (${skill_count} skills)"
+            uvx --from cisco-ai-skill-scanner skill-scanner scan-all "${skills_dir}" \
               --recursive \
-              --lenient \
               --use-behavioral \
               --policy scan-policy.yaml \
               --format summary \

diff --git a/scan-policy.yaml b/scan-policy.yaml
@@ -100,11 +100,21 @@ severity_overrides:
   - rule_id: BEHAVIOR_EVAL_SUBPROCESS
     severity: MEDIUM
     reason: "Security tools legitimately invoke subprocesses for analysis"
+  # BEHAVIOR_BASH_TAINT_FLOW false-positives on instructional shell snippets
+  # in SKILL.md where strings such as "unsafe-eval" are parsed with grep.
+  - rule_id: BEHAVIOR_BASH_TAINT_FLOW
+    severity: MEDIUM
+    reason: "Instructional bash snippets in skills can resemble taint flow without executing untrusted input"
   # SECRET_GOOGLE_API fires on skills that scan for exposed API keys
   # as part of their security analysis (e.g. firebase-apk-scanner).
   - rule_id: SECRET_GOOGLE_API
     severity: INFO
     reason: "Scanner skills contain example API key patterns for detection"
+  # YARA_command_injection_generic fires on literal exploit payload examples
+  # embedded in offensive-security SKILL.md files.
+  - rule_id: YARA_command_injection_generic
+    severity: MEDIUM
+    reason: "Offensive security skills intentionally document exploit payload strings in markdown"
   # PATH_TRAVERSAL_OPEN fires on tools that read/write files as part of
   # their normal audit workflow (e.g. zeroize-audit writing reports).
   - rule_id: PATH_TRAVERSAL_OPEN