performing-active-directory-compromise-investigation

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted Windows event log data to generate investigation reports.
    • Ingestion points: The scripts scripts/agent.py (JSON) and scripts/process.py (XML) read external log files provided via CLI arguments.
    • Boundary markers: There are no delimiters or instructions provided to the agent to treat the log content as data rather than potential instructions.
    • Capability inventory: The skill utilizes file-system write access across both agent.py and process.py to create JSON report files. No network operations or administrative shell capabilities were identified.
    • Sanitization: The log data is parsed and aggregated without sanitization or escaping of the field values before being written to the output reports.
  • [SAFE]: The scripts/process.py file uses the standard xml.etree.ElementTree library to parse XML event logs. This library does not protect against XML External Entity (XXE) attacks, which could be exploited by a malicious log file to perform unauthorized local file reads.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 11:38 AM