Skills
skills/mukul975/anthropic-cybersecurity-skills/detecting-pass-the-ticket-attacks/Gen Agent Trust Hub

detecting-pass-the-ticket-attacks

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is cybersecurity threat detection. The provided code and instructions align with this purpose without introducing malicious behavior.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file lists the requests library as a prerequisite; however, the scripts/agent.py script does not import or utilize this library, nor does it perform any other network operations or downloads.
  • [COMMAND_EXECUTION]: The scripts/agent.py script uses the standard xml.etree.ElementTree library for parsing local XML files. It does not use any high-risk functions like eval(), exec(), or subprocess.run(), and it does not accept unsanitized user input for command construction.
  • [DATA_EXFILTRATION]: There is no evidence of data exfiltration. The script processes local data and writes the resulting analysis report to a local JSON file specified by the user.
  • [PROMPT_INJECTION]: The skill instructions do not contain any patterns typical of prompt injection, such as attempts to override system safety guidelines or ignore previous instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 06:46 PM