The Agent Skills Directory

[SAFE]: The skill is designed for legitimate cybersecurity operations, specifically the deployment of deception assets.
[DATA_EXFILTRATION]: While the skill references sensitive file paths (e.g., .aws/credentials) and creates credentials, these are explicitly labeled as honeytokens (decoy data) intended to trigger alerts when accessed by attackers. No actual sensitive data is leaked.
[COMMAND_EXECUTION]: The skill uses administrative PowerShell commands (New-ADUser, Add-ADGroupMember) and shell commands (cmdkey), but these are restricted to the intended purpose of creating decoy accounts and cached credentials in a controlled environment.
[REMOTE_CODE_EXECUTION]: Code examples use the requests library to interact with well-known security services like Thinkst Canary and Canarytokens.org, which is standard for the described workflow.
[SAFE]: The HTTP honeypot script in agent.py ingests external data (HTTP headers and bodies) which is the primary function of a honeypot, and the script merely logs these interactions.

performing-deception-technology-deployment