The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill connects to well-known technology services (AlienVault OTX and AbuseIPDB) to download threat intelligence indicators for event enrichment.\n- [PROMPT_INJECTION]: Detected an indirect prompt injection surface through the ingestion of untrusted external data.\n
Ingestion points: External threat intelligence data is ingested via modular inputs in SKILL.md (bin/threatfeed_otx.py) and processing scripts (scripts/agent.py).\n
Boundary markers: No explicit boundary markers or instruction-ignoring warnings are present when processing fetched indicator values.\n
Capability inventory: The skill possesses capabilities to write to the local file system (CSV generation in scripts/agent.py) and interact with Splunk KV Store collections via the REST API.\n
Sanitization: Basic type normalization is performed, but indicator content is not sanitized for potential SPL (Search Processing Language) injection.

building-threat-intelligence-enrichment-in-splunk