correlating-security-events-in-qradar

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests log data and security events from QRadar which may contain attacker-controlled content. This content could influence the AI agent's analysis or decision-making during offense investigations.
    • Ingestion points: client.search_aql(), client.get_offenses(), and client.get_offense_details() in scripts/agent.py ingest external log and offense data into the agent context.
    • Boundary markers: None identified. Data is processed without explicit delimiters or instructions to ignore embedded commands.
    • Capability inventory: client.close_offense() and client.add_to_reference_set() in scripts/agent.py allow the agent to modify the state of the SIEM based on processed data.
    • Sanitization: None identified. The script performs no validation or escaping of the ingested data.
  • [SAFE]: The QRadarClient class in scripts/agent.py defaults to verify_ssl=False. This disables SSL/TLS certificate verification for all API communication with the QRadar host, leaving the connection susceptible to Man-in-the-Middle (MitM) attacks. This violates security best practice.
  • [SAFE]: The skill follows secure credential management practices by using environment variables (QRADAR_TOKEN) rather than hardcoding secrets. Placeholders like YOUR_API_TOKEN in SKILL.md and references/api-reference.md are used for instructional purposes only.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 07:59 AM