The Agent Skills Directory

[SAFE]: The skill instructions and associated scripts are focused on legitimate cybersecurity research and threat detection activities.
[EXTERNAL_DOWNLOADS]: The script agent.py is configured to download public threat intelligence data from MITRE's official STIX/TAXII repositories using the attackcti library.
[COMMAND_EXECUTION]: The documentation provides examples of Velociraptor VQL, osquery SQL, and Splunk SPL queries. These are intended for user-guided hunting and are not executed autonomously by the skill's code.
[DATA_EXFILTRATION]: The script allows users to output hunt reports to a JSON file. The output location is determined by a user-provided CLI argument, and no sensitive system data is accessed or transmitted.

hunting-advanced-persistent-threats