The Agent Skills Directory

[SAFE]: The skill's implementation in scripts/agent.py is consistent with its documented purpose of threat hunting. It uses standard SSL/TLS modules and follows secure practices for certificate inspection. A minor discrepancy in author names between the SKILL.md and LICENSE file was noted but is considered a benign administrative error.
[PROMPT_INJECTION]: The skill ingests external data from proxy logs, creating an indirect prompt injection surface. This is a characteristic risk of processing log data but is mitigated by the script's structured parsing and specialized function.
Ingestion points: load_proxy_logs in scripts/agent.py reads from user-supplied CSV log files.
Boundary markers: Absent; the script does not wrap log content in delimiters or include warnings to signal to the agent that the content is untrusted.
Capability inventory: The skill is capable of performing network connections (socket.connect) and file system writes (json.dump), which are intended functionalities for its reporting tasks.
Sanitization: Data is parsed as text fields without specific validation, but is structured into a JSON report format, providing basic structural isolation.

hunting-for-domain-fronting-c2-traffic