deploying-edr-agent-with-crowdstrike

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides valid documentation and automation for the official CrowdStrike Falcon EDR platform. All external dependencies, such as the crowdstrike-falconpy library, and all network references are to legitimate, well-known services.
  • [SAFE]: The skill follows security best practices for credential management by using environment variable lookups and placeholders for sensitive identifiers like Customer IDs (CID) and API secrets.
  • [SAFE]: Administrative operations using sudo or system service queries are appropriately scoped to the requirements of installing and verifying security software on endpoints.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from an external source.
      • Ingestion points: Untrusted data such as hostnames, OS versions, and detection tactics are ingested from the CrowdStrike API via scripts/agent.py and scripts/process.py.
      • Boundary markers: The skill does not implement delimiters or specific instructions to the AI agent to ignore or isolate potentially malicious instructions embedded within the retrieved telemetry metadata.
      • Capability inventory: The scripts include the ability to write files to the local system (falcon_deployment_report.json, falcon_stale_hosts.csv) and perform network interactions with the CrowdStrike API, although they do not directly execute the ingested data as shell commands.
      • Sanitization: There is no evidence of input validation or sanitization being applied to the strings retrieved from the API before they are displayed in the console or saved to reports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:03 PM