skills/mukul975/anthropic-cybersecurity-skills/collecting-indicators-of-compromise/Gen Agent Trust Hub
collecting-indicators-of-compromise
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The agent interacts with well-known security services including VirusTotal, MalwareBazaar (Abuse.ch), and AbuseIPDB to fetch reputation data. These are established services used as intended for threat intelligence enrichment.
- [DATA_EXFILTRATION]: Extracted indicators such as IP addresses and file hashes are sent to external APIs for analysis. This is a core part of the documented functionality and the destinations are trusted security platforms.
- [SAFE]: The skill processes local files or text strings provided explicitly by the user via command-line arguments. No patterns of unauthorized file access, credential theft, or persistence were observed.
- [PROMPT_INJECTION]: While the skill ingests untrusted data (incident logs/reports), it uses strict regular expression filters to extract specific technical artifacts (IPs, hashes, domains), which significantly mitigates the risk of processing malicious instructions embedded in the source data.