{"schema_version":1,"workflow_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","workflow_title":"OWASP ZAP — Open-Source Web Application Security Scanner","page_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","raw_url":"https://tokrepo.com/raw/owasp-zap-open-source-web-application-security-scanner-417d0387","metadata_url":"https://tokrepo.com/metadata/owasp-zap-open-source-web-application-security-scanner-417d0387.json","install_plan_url":"https://api.tokrepo.com/api/v1/tokenboard/workflows/install-plan?uuid=417d0387-47f9-11f1-9bc6-00163e2b0d79&target=codex","agent_metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"single","entrypoint":"OWASP ZAP Overview","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":[],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":[],"pip":[],"brew":[],"system":[]},"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","verification":{"commands":[],"expected_files":["OWASP ZAP Overview"]}},"agent_fit":{"target":"codex","score":98,"status":"native","policy":"allow","why":["target_tools includes codex","asset_kind skill","install_mode single","markdown-only","policy allow","safe markdown-only Codex install","trust established"],"asset_kind":"skill","install_mode":"single"},"trust":{"author_trust_level":"established","verified_publisher":false,"asset_signed_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":[],"review_status":"unreviewed","signals":["asset has usage views","author has published assets","content hash available","no dangerous capability badges"]},"provenance":{"owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","owner_name":"AI Open Source","source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","visibility":1,"created_at":"2026-05-05 04:38:49","updated_at":"2026-05-23 16:32:34"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/417d0387-47f9-11f1-9bc6-00163e2b0d79","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"install_plan":{"schema_version":2,"target":"codex","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","install_mode":"single","entrypoint":"OWASP ZAP Overview","preconditions":[{"type":"target_supported","status":"pass","message":"codex install target is supported"},{"type":"install_root","status":"pass","message":"~/.codex/skills for activated skills; ~/.codex/tokrepo/staged for staged assets"},{"type":"target_tool_metadata","status":"pass","message":"metadata allows codex"},{"type":"content_hash","status":"pass","message":"asset metadata includes content_hash"},{"type":"trust_policy","status":"pass","message":"publisher trust level is established"},{"type":"policy_decision","status":"pass","message":"allow for 417d0387-47f9-11f1-9bc6-00163e2b0d79 (single)"}],"actions":[{"type":"write_file","path":"~/.codex/skills/tokrepo-owasp-zap-open-source-web-application-security-scanner-417d0387/SKILL.md","source_name":"OWASP ZAP Overview","sha256":"2d81520ffbb3de78d0661e805d57a110b34154dde48577028061eafc5ff46640","bytes":3701,"risk":{"executes_code":false,"modifies_global_config":false,"requires_secrets":[],"uses_absolute_paths":false,"network_access":false},"if_exists":"overwrite","entrypoint":true}],"policy_decision":{"decision":"allow","requires_confirmation":false,"reasons":["safe markdown-only Codex install"]},"requires_confirmation":false,"rollback":[{"type":"remove_file","path":"~/.codex/skills/tokrepo-owasp-zap-open-source-web-application-security-scanner-417d0387/SKILL.md"}],"post_verify":[{"type":"file_sha256","path":"~/.codex/skills/tokrepo-owasp-zap-open-source-web-application-security-scanner-417d0387/SKILL.md","sha256":"2d81520ffbb3de78d0661e805d57a110b34154dde48577028061eafc5ff46640"}],"metadata":{"asset_kind":"skill","target_tools":["claude_code","codex","gemini_cli"],"install_mode":"single","entrypoint":"OWASP ZAP Overview","risk_profile":{"executes_code":false,"modifies_global_config":false,"requires_secrets":[],"uses_absolute_paths":false,"network_access":false},"dependencies":{"npm":[],"pip":[],"brew":[],"system":[]},"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","verification":{"commands":[],"expected_files":["OWASP ZAP Overview"]}},"agent_fit":{"target":"codex","score":98,"status":"native","policy":"allow","why":["target_tools includes codex","asset_kind skill","install_mode single","markdown-only","policy allow","safe markdown-only Codex install","trust established"],"asset_kind":"skill","install_mode":"single"},"trust":{"author_trust_level":"established","verified_publisher":false,"asset_signed_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","signature_status":"hash_only","install_count":0,"report_count":0,"dangerous_capability_badges":[],"review_status":"unreviewed","signals":["asset has usage views","author has published assets","content hash available","no dangerous capability badges"]},"provenance":{"owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","owner_name":"AI Open Source","source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","visibility":1,"created_at":"2026-05-05 04:38:49","updated_at":"2026-05-23 16:32:34"},"target_adapter":{"target":"codex","adapter":"skill-directory","root":"~/.codex/skills","entrypoint":"SKILL.md","manifest_path":"~/.codex/tokrepo/install-manifest.json","staging_root":"~/.codex/tokrepo/staged/417d0387-47f9-11f1-9bc6-00163e2b0d79","install_modes":["single","bundle","split","stage_only"],"activates_files":true},"evidence_bundle":{"acceptance_gate":{"recommended_action":"install_after_plan","rule":"Agents should only activate an asset after evidence_bundle.integrity, policy_compatibility, rollback, and post_verify have been inspected.","status":"pass"},"asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","eval_evidence":["https://tokrepo.com/evals/install-safety.json","https://tokrepo.com/evals/trust-evidence-coverage.json","https://tokrepo.com/evals/handoff-quality.json"],"generated_at":"2026-05-23T08:32:35Z","integrity":{"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","declared_content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","file_count":1,"hash_algorithm":"sha256","install_plan_hash":"d6f8ddfb080722af7af0e0fe95428a881d4dc451698d1bfc4267e5fbc3d13ac3"},"policy_compatibility":{"permission_envelope":{"destructive":false,"executes_code":false,"file_count":1,"filesystem_write":["~/.codex/skills"],"global_config_write":false,"network":false,"requires_secrets":[],"uses_absolute_paths":false},"policy_decision":{"decision":"allow","requires_confirmation":false,"reasons":["safe markdown-only Codex install"]},"requires_confirmation":false,"target":"codex","trust_score_v2":{"recommended_action":"install_after_plan","status":"trusted","trust_score":82}},"provenance":{"asset_kind":"skill","asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","computed_bundle_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","created_at":"2026-05-05 04:38:49","generated_at":"2026-05-23T08:32:35Z","install_plan_hash":"d6f8ddfb080722af7af0e0fe95428a881d4dc451698d1bfc4267e5fbc3d13ac3","owner_name":"AI Open Source","owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","updated_at":"2026-05-23 16:32:34","visibility":1},"sbom":{"asset_kind":"skill","asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":[]},"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","dependencies":{"brew":[],"mcp":[],"npm":[],"pip":[],"system":[]},"files":[{"bytes":3701,"path":"~/.codex/skills/tokrepo-owasp-zap-open-source-web-application-security-scanner-417d0387/SKILL.md","role":"entrypoint","sha256":"2d81520ffbb3de78d0661e805d57a110b34154dde48577028061eafc5ff46640","source_name":"OWASP ZAP Overview"}],"format":"SBOM-lite","install_mode":"single","schema_version":1,"target":"codex"},"schema":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","schema_version":1,"schemas":{"asset_verification":"https://tokrepo.com/schemas/asset-verification.schema.json","evidence_bundle":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json","install_plan":"https://tokrepo.com/schemas/install-plan.schema.json","provenance":"https://tokrepo.com/schemas/provenance.schema.json","sbom":"https://tokrepo.com/schemas/agent-evidence-bundle.schema.json#/properties/sbom"},"signature_evidence":{"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","hash_algorithm":"sha256","install_plan_hash":"d6f8ddfb080722af7af0e0fe95428a881d4dc451698d1bfc4267e5fbc3d13ac3","schema_version":1,"signed_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","target":"codex"},"sbom":{"asset_kind":"skill","asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","capability_flags":{"destructive":false,"executes_code":false,"modifies_global_config":false,"network_access":false,"requires_secrets":[]},"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","dependencies":{"brew":[],"mcp":[],"npm":[],"pip":[],"system":[]},"files":[{"bytes":3701,"path":"~/.codex/skills/tokrepo-owasp-zap-open-source-web-application-security-scanner-417d0387/SKILL.md","role":"entrypoint","sha256":"2d81520ffbb3de78d0661e805d57a110b34154dde48577028061eafc5ff46640","source_name":"OWASP ZAP Overview"}],"format":"SBOM-lite","install_mode":"single","schema_version":1,"target":"codex"},"signature_evidence":{"content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","hash_algorithm":"sha256","install_plan_hash":"d6f8ddfb080722af7af0e0fe95428a881d4dc451698d1bfc4267e5fbc3d13ac3","schema_version":1,"signed_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","status":"hash_only","verification_notes":["hash_only evidence proves content integrity but not publisher identity unless an external signature verifies it"]},"provenance_v2":{"asset_kind":"skill","asset_title":"OWASP ZAP — Open-Source Web Application Security Scanner","asset_uuid":"417d0387-47f9-11f1-9bc6-00163e2b0d79","computed_bundle_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","content_hash":"957df97dc87a1a80bb20b5872e4843dfccb6e9a7bfc85cffd70bc26254307d26","created_at":"2026-05-05 04:38:49","generated_at":"2026-05-23T08:32:35Z","install_plan_hash":"d6f8ddfb080722af7af0e0fe95428a881d4dc451698d1bfc4267e5fbc3d13ac3","owner_name":"AI Open Source","owner_uuid":"8a911193-3180-11f1-9bc6-00163e2b0d79","parent_uuid":"","schema_version":2,"source":"tokrepo_asset","source_url":"https://tokrepo.com/en/workflows/owasp-zap-open-source-web-application-security-scanner-417d0387","updated_at":"2026-05-23 16:32:34","visibility":1},"transitive_dependencies":null}}