The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill utilizes the well-known 'requests' Python library for HTTP communication with the Splunk SOAR REST API.
[SAFE]: The skill provides legitimate instructions and scripts for Splunk SOAR automation and management.
[SAFE]: Credentials provided in configuration examples are placeholders (e.g., 'YOUR_VT_API_KEY', 'SERVICE_ACCOUNT_PASSWORD') and do not represent a security risk.
[SAFE]: The playbooks described in SKILL.md process external artifacts (URLs, IPs, hashes) from ingestions. While this represents a data ingestion surface, it is consistent with the primary purpose of SOAR automation and includes human-in-the-loop approval gates for high-impact actions.
Ingestion points: Artifacts retrieved via 'phantom.get_artifacts' in SKILL.md.
Boundary markers: Not explicitly defined in example snippets.
Capability inventory: Automated actions like 'block_url', 'quarantine_device', and 'disable_user'.
Sanitization: Relies on platform-level validation and human approval steps.
[SAFE]: No obfuscation, remote code execution, or persistence patterns were identified.

implementing-soar-automation-with-phantom