hunting-advanced-persistent-threats

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill's instructions, metadata, and scripts shows no evidence of malicious intent, prompt injection, or obfuscation. The behavior is consistent with professional threat hunting and incident response documentation.
  • [EXTERNAL_DOWNLOADS]: The agent.py script uses the attackcti library to retrieve threat intelligence from MITRE's public TAXII servers. This is a standard, expected operation against a well-known and trusted external service; it is the skill's only network egress.
  • [COMMAND_EXECUTION]: The skill provides numerous query templates for platforms such as osquery, Velociraptor, and Splunk. The queries are presented as formatted text for the user to run manually; the agent does not execute them, so they pose no execution risk to the host environment.
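The EXTERNAL_DOWNLOADS finding refers to the ATT&CK STIX 2 objects that attackcti pulls from MITRE's TAXII collections. The following is an added example, not code from the audited skill's agent.py or from the attackcti project: it parses a constructed, minimal STIX bundle of the same shape offline and builds a technique-to-tactic map, filtering out revoked and deprecated techniques (both are still served by the feed and are a common source of hunts keyed to IDs that no longer exist). The bundle and object IDs below are constructed placeholders; T1053 and the revoked T1064 are real ATT&CK IDs. The live attackcti call named in the comment is the library's documented entry point and needs network access, so it is not run here.

```python
"""Parse ATT&CK STIX 2 attack-pattern objects of the kind attackcti returns."""
import json

# Constructed sample: a minimal STIX 2 bundle in the shape served by MITRE's
# ATT&CK TAXII collections. Object IDs are placeholders; a real bundle holds
# thousands of objects. Live retrieval (network, not run here) would be:
#   from attackcti import attack_client
#   objects = attack_client().get_enterprise_techniques()
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
            "name": "Scheduled Task/Job",
            "revoked": False,
            "x_mitre_deprecated": False,
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
                {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"},
            ],
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1053",
                 "url": "https://attack.mitre.org/techniques/T1053"},
            ],
        },
        {
            # T1064 "Scripting" was revoked and folded into T1059 sub-techniques;
            # the feed still carries the object with revoked=True.
            "type": "attack-pattern",
            "id": "attack-pattern--00000000-0000-4000-8000-000000000002",
            "name": "Scripting",
            "revoked": True,
            "kill_chain_phases": [
                {"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
                {"kill_chain_name": "mitre-attack", "phase_name": "execution"},
            ],
            "external_references": [
                {"source_name": "mitre-attack", "external_id": "T1064"},
            ],
        },
        {
            # Non-technique objects (groups, software, relationships) share the
            # same bundle and must be skipped by type.
            "type": "intrusion-set",
            "id": "intrusion-set--00000000-0000-4000-8000-000000000003",
            "name": "Constructed Group",
        },
    ],
})


def attack_id(obj):
    """Return the ATT&CK ID (e.g. T1053) from a STIX object's external references."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def active_techniques(bundle_json):
    """Map technique ID -> {name, tactics} for live (non-revoked, non-deprecated) techniques.

    Tactics come from the kill_chain_phases whose kill_chain_name is
    'mitre-attack'; other kill chains present on the object are ignored.
    """
    bundle = json.loads(bundle_json)
    out = {}
    for obj in bundle["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = attack_id(obj)
        if tid is None:
            continue
        tactics = sorted(
            p["phase_name"]
            for p in obj.get("kill_chain_phases", [])
            if p.get("kill_chain_name") == "mitre-attack"
        )
        out[tid] = {"name": obj["name"], "tactics": tactics}
    return out


def techniques_for_tactic(techniques, tactic):
    """Return the sorted technique IDs that belong to the given tactic."""
    return sorted(tid for tid, t in techniques.items() if tactic in t["tactics"])


if __name__ == "__main__":
    techs = active_techniques(SAMPLE_BUNDLE)
    for tid, t in techs.items():
        print(tid, t["name"], ", ".join(t["tactics"]))
    print("persistence:", techniques_for_tactic(techs, "persistence"))
```

Run against a real download, the same filter is what keeps a hunt plan from citing T1064: the revoked object is present in the bundle, but `active_techniques` drops it, so `techniques_for_tactic(techs, "defense-evasion")` returns nothing for this sample.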
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:51 PM