detecting-cryptomining-in-cloud

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script and the SKILL.md workflow utilize standard AWS CLI commands (via subprocess and shell snippets) to query GuardDuty findings, check EC2 instance states, and inspect CloudTrail logs. These actions are legitimate and necessary for the skill's stated purpose of cloud security monitoring.
  • [DATA_EXFILTRATION]: No patterns indicative of data exfiltration were found. Network indicators (ports and domains) are used exclusively for detection purposes within queries and filters, and no sensitive information is sent to unauthorized external domains.
  • [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override agent behavior, bypass safety filters, or extract system prompts. The language is purely instructional and focused on the technical task of cryptomining detection.
  • [EXTERNAL_DOWNLOADS]: The skill does not perform any external downloads of scripts or executable binaries from unknown or untrusted sources.
  • [SAFE]: The code follows standard practices for interacting with cloud APIs. The use of placeholders for account IDs and the inclusion of remediation steps like isolating instances via security groups are aligned with industry-standard incident response procedures.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 09:38 PM