The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and processes untrusted log data from external sources for analysis.
Ingestion points: The scripts scripts/agent.py (which reads .evtx and text logs) and scripts/process.py (which reads .json and .csv logs) take external file paths as input.
Boundary markers: Absent; there are no delimiters or instructions to ignore embedded instructions within the processed log content.
Capability inventory: The skill's capabilities are limited to reading local log files and writing hunt findings to the local file system (e.g., detecting_mimik_output/). No network operations, arbitrary command execution, or dynamic code evaluation patterns were found.
Sanitization: Absent; the ingested log data is processed using regular expressions and included in output reports without escaping or validation.
[SAFE]: A discrepancy exists between the author name in the SKILL.md frontmatter (mahipal) and the copyright holder in the LICENSE file (mukul975). This is documented as a metadata inconsistency and does not appear to indicate malicious intent.

detecting-mimikatz-execution-patterns