The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/agent.py script utilizes the subprocess module to execute AWS CLI commands for retrieving GuardDuty findings, CloudWatch metrics, and VPC flow logs.
[COMMAND_EXECUTION]: The skill features high-privilege remediation functions including ec2 terminate-instances and iam update-access-key intended for neutralizing detected mining infrastructure.
[PROMPT_INJECTION]: The skill processes external, potentially attacker-influenced data from security logs and finding types, which constitutes an indirect injection surface.
Ingestion points: scripts/agent.py ingests data from aws guardduty list-findings and aws logs start-query (VPC flow logs).
Boundary markers: Absent; the skill does not use specific delimiters or instructions to prevent the processing of malicious content within logs.
Capability inventory: The script has the capability to terminate cloud resources (terminate-instances) and modify access keys.
Sanitization: Absent; the implementation relies on the structured nature of CLI JSON output but does not validate the content of the log entries themselves.

detecting-cloud-cryptomining-activity