conducting-malware-incident-response

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Tags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection or data poisoning by ingesting and processing untrusted data from external security intelligence sources.
  • Ingestion points: The query_virustotal, query_malwarebazaar, and query_threatfox_iocs functions in scripts/agent.py fetch data from external APIs.
  • Boundary markers: No delimiters or specific instructions are used to distinguish external data from system instructions in the report generation or Splunk query construction.
  • Capability inventory: The agent has the capability to perform network requests, isolate endpoints via the CrowdStrike API, and write files to the local file system.
  • Sanitization: Data retrieved from external APIs is interpolated directly into Splunk search queries and incident reports without validation or escaping.
  • [EXTERNAL_DOWNLOADS]: The scripts/agent.py script communicates with several well-known security intelligence platforms (VirusTotal, MalwareBazaar, ThreatFox) and endpoint security services (CrowdStrike) to retrieve threat metadata and execute containment commands.
  • [DATA_EXFILTRATION]: The script transmits file hashes and malware family names to third-party services for reputation checking. While this is expected behavior for a security triage tool, it involves sending internal indicators to external entities.
  • [COMMAND_EXECUTION]: The skill provides automated functionality to network-isolate endpoints via the CrowdStrike Falcon API. While this is a legitimate administrative action for incident response, it represents a high-privilege capability that relies on provided API credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 03:02 AM