skills/mukul975/anthropic-cybersecurity-skills/implementing-siem-use-cases-for-detection/Gen Agent Trust Hub
implementing-siem-use-cases-for-detection
Fail
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The SKILL.md file contains instructions to install an external framework using a 'Download and Execute' pattern: IEX (IWR 'https://raw.githubusercontent.com/redcanaryco/invoke-atomicredteam/master/install-atomicredteam.ps1' -UseBasicParsing). This allows for arbitrary code execution from a remote source.
- [EXTERNAL_DOWNLOADS]: The remote script URL hosted on GitHub has been flagged by automated scanners as potentially malicious, associated with botnet activity.
- [COMMAND_EXECUTION]: The skill workflow involves executing sensitive system commands and attack simulations via PowerShell, including Invoke-AtomicTest for credential dumping and persistence techniques.
- [EXTERNAL_DOWNLOADS]: The skill includes code that downloads threat intelligence data from external sources via the attackcti library.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface. 1. Ingestion points: External data is ingested in scripts/agent.py via the attackcti library. 2. Boundary markers: Absent. 3. Capability inventory: Generation of SIEM detection logic and shell command execution. 4. Sanitization: No evidence of validation for externally sourced technique data.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata