implementing-proofpoint-email-security-gateway

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements legitimate configuration and auditing functionality for Proofpoint Email Protection.
  • [DATA_EXFILTRATION]: The script scripts/agent.py connects to the well-known Proofpoint TAP API (tap-api-v2.proofpoint.com) to retrieve security events. This is a standard operation for email security monitoring and does not involve unauthorized data transfer to untrusted domains.
  • [CREDENTIALS_UNSAFE]: The skill follows security best practices by instructing the user to manage API secrets via environment variables (PROOFPOINT_PRINCIPAL, PROOFPOINT_SECRET) instead of hardcoding them in the source code.
  • [PROMPT_INJECTION]: The skill contains data ingestion points for processing external content, but does not provide a surface for indirect prompt injection that affects the agent's behavior.
      • Ingestion points: scripts/process.py (reads email headers from .eml files) and scripts/agent.py (receives JSON data from Proofpoint API).
      • Boundary markers: Not present, as the data is processed by local Python logic rather than being passed into a prompt's context.
      • Capability inventory: The scripts are limited to reporting and do not perform sensitive file writes, shell execution, or privilege escalation.
      • Sanitization: Data processing is handled through standard JSON parsing and regular expressions for metadata extraction.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:33 PM