detecting-insider-threat-with-ueba

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides structured procedures and a Python agent for implementing User and Entity Behavior Analytics (UEBA). It uses legitimate data analysis techniques like z-score calculation and peer group comparison to identify security anomalies in Elasticsearch logs.
  • [SAFE]: The scripts/agent.py file disables SSL certificate verification when connecting to Elasticsearch by setting verify_certs=False. This is a best-practice violation that simplifies development and internal usage but could expose the connection to interception in a production environment.
  • [SAFE]: The skill processes external log data, presenting an indirect prompt injection surface.
      • Ingestion points: Authentication, file access, and network logs are ingested via the es.search method in the build_user_baseline and score_current_activity functions within scripts/agent.py.
      • Boundary markers: None are present to distinguish ingested log data from instructions.
      • Capability inventory: The skill can write JSON reports to the local file system (via args.output) and print findings to the console.
      • Sanitization: No explicit sanitization or filtering is performed on the log data, though the current implementation primarily uses the data for statistical math (averages, standard deviations) rather than direct text manipulation or shell command generation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:04 PM