skills/mukul975/anthropic-cybersecurity-skills/building-detection-rule-with-splunk-spl/Gen Agent Trust Hub
building-detection-rule-with-splunk-spl
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The Python utility `scripts/agent.py` uses the well-known `requests` library to communicate with the Splunk REST API for rule deployment. These network operations are necessary for the skill's primary functionality.
- [COMMAND_EXECUTION]: The script `scripts/agent.py` performs file system operations to write generated detection reports in JSON format to the local system. The `scripts/process.py` file also generates configuration stanzas intended for `savedsearches.conf`.
- [SAFE]: The skill implements a comprehensive validation engine in `scripts/process.py` that evaluates SPL queries for performance risks (such as excessive wildcard use) and logical errors before they are deployed.
- [SAFE]: All external references in the documentation point to legitimate industry resources including official Splunk documentation and the MITRE ATT&CK framework.
Audit Metadata