implementing-dragos-platform-for-ot-monitoring
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes a log analysis feature in `scripts/agent.py` that processes external data from OT protocol logs. This represents a potential surface for indirect prompt injection if malicious data were embedded in logs, but the risk is negligible as the script performs static aggregation and reporting.
  - Ingestion points: The `--log` parameter in `scripts/agent.py` reads user-provided JSON-line files.
  - Boundary markers: Absent.
  - Capability inventory: Includes file system access (read/write) and network requests via the `requests` library.
  - Sanitization: Data is parsed as JSON, but string values are not sanitized before being included in the final report.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known technology and security resources for documentation and threat intelligence. References include Dragos (official vendor), CISA (US government agency), and ISA (standards organization). Code in `scripts/agent.py` and `SKILL.md` utilizes the `requests` library to interact with the Dragos Platform API at a user-defined URL.
- [DATA_EXFILTRATION]: The skill is designed to fetch security data (assets, detections, vulnerabilities) from an OT monitoring platform and save it to a local JSON report. All network operations are directed at the official platform API or specified local endpoints and use standard authentication patterns with placeholders.
Audit Metadata