collecting-indicators-of-compromise

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it is designed to ingest and process untrusted data from incident evidence sources like SIEM logs and network captures.
      • Ingestion points: The scripts/agent.py script accepts untrusted content through the --input-file and --input-text CLI arguments.
      • Boundary markers: No specific boundary markers or instructions to ignore embedded instructions are present in the processing logic.
      • Capability inventory: The skill script (scripts/agent.py) can perform network operations via the requests library and write files to the local system using the open function.
      • Sanitization: Indicators are extracted using regular expressions for IPv4 addresses, domains, URLs, and file hashes (MD5/SHA-256), which provides a layer of data validation.
  • [DATA_EXFILTRATION]: The skill performs network requests to well-known security intelligence platforms, including VirusTotal, MalwareBazaar, and AbuseIPDB, to retrieve reputation data for extracted indicators. These operations are consistent with the skill's documented purpose for threat intelligence enrichment.
  • [COMMAND_EXECUTION]: The agent.py script performs local file system operations, including reading from specified input files and writing STIX-formatted JSON bundles to an output path. These activities are routine for a command-line utility designed for data processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:25 AM