security-operations
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE | PROMPT_INJECTION | NO_CODE
Full Analysis
- [NO_CODE]: The skill is entirely documentation-based and does not contain any executable scripts, binary files, or code blocks.
- [PROMPT_INJECTION]: The skill outlines a security operations architecture that processes untrusted external data (logs and threat feeds), representing a surface for indirect prompt injection where malicious instructions in logs could influence automated response actions.
  * Ingestion points: Extensive log sources (Identity, Endpoints, Network, Cloud, Applications, Email, Data, Physical) are specified for ingestion in SKILL.md.
  * Boundary markers: No delimiters or instructions are provided to help the agent isolate or ignore instructions embedded within the ingested data.
  * Capability inventory: The strategy describes SOAR integration for automated playbook execution and Tier 1 automated blocking based on ingested data in SKILL.md.
  * Sanitization: No validation, escaping, or sanitization protocols are defined for the data sources before they are processed by the detection logic.