detecting-dcsync-attack-in-active-directory

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected in the skill instructions, metadata, or associated scripts.
  • [SAFE]: Analysis of potential indirect prompt injection surfaces found minimal risk.
  • Ingestion points: The scripts scripts/agent.py and scripts/process.py ingest Windows Event Log files (EVTX, CSV, JSON) for analysis.
  • Boundary markers: None are present in the parsing logic, as is typical for log analysis tools.
  • Capability inventory: The skill is restricted to reading local files and writing detection reports (JSON/Markdown) to the local file system. It contains no network operations, command execution, or persistence mechanisms.
  • Sanitization: The tool uses standard libraries and the established python-evtx package for data handling, ensuring that log content is processed as data rather than executed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM