building-detection-rules-with-sigma

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads the official Sigma rule repository from SigmaHQ on GitHub to provide a base for detection logic and community-sourced rules.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the pySigma library and its modular backends (Splunk, Elasticsearch, Microsoft 365 Defender) from public package registries to handle rule conversion.
  • [COMMAND_EXECUTION]: Uses the sigma command-line interface for validating rule integrity and performing batch conversions of detection logic into target SIEM languages.
  • [PROMPT_INJECTION]: The skill processes untrusted Sigma rules in YAML format (ingestion point: scripts/agent.py), creating an indirect prompt injection surface; however, capabilities are limited to structured parsing and local file operations without high-risk execution sinks.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 02:48 AM