performing-cloud-native-threat-hunting-with-aws-detective

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill documentation and accompanying scripts focus exclusively on legitimate security investigation workflows using AWS Detective. All network activity targets trusted AWS API endpoints.
  • [COMMAND_EXECUTION]: The skill provides several AWS CLI examples and a Python script (scripts/process.py) to automate threat hunting tasks. These commands and scripts are standard for managing and querying AWS security services.
  • [DATA_EXFILTRATION]: The Python utility includes a function to export retrieved investigation data to a local JSON file (export_results in scripts/process.py). This is a documented functional feature for analysts to store results locally for further review.
  • [PROMPT_INJECTION]: The skill was evaluated for Indirect Prompt Injection vulnerability surface due to its data ingestion patterns.
    • Ingestion points: Retrieves security log indicators and findings from the AWS Detective API in scripts/process.py.
    • Boundary markers: None present; the tool processes structured data returned by the AWS service.
    • Capability inventory: Includes local file system writes and read-only AWS API interactions.
    • Sanitization: Not present; the data is handled as structured JSON objects for analysis.
    • Conclusion: As a security tool designed to analyze logs, this behavior is essential to its primary purpose and does not represent an exploited vulnerability.
Audit Metadata
  • Analyzed: Apr 11, 2026, 08:41 PM