The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Communicates with the Canarytokens.org API (https://canarytokens.org/generate) to generate various decoy types.\n- [COMMAND_EXECUTION]: Modifies system configuration files and credential directories to plant honeytokens as part of its primary defensive functionality.\n
Writes fake AWS credentials to /opt/backup/.aws/credentials.\n
Appends decoy entries to /etc/app/config.yml and /root/.ssh/config.\n- [PROMPT_INJECTION]: Contains an indirect prompt injection surface through the processing of external webhook logs.\n
Ingestion points: Reads JSON logs in scripts/agent.py using json.load().\n
Boundary markers: Missing specific markers between log data and agent instructions.\n
Capability inventory: Ability to perform network operations and write to sensitive file system locations.\n
Sanitization: Values from the JSON logs are extracted and used in reports without extensive sanitization.

implementing-honeytokens-for-breach-detection