performing-soc-tabletop-exercise
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for educational and training purposes. All incident indicators (IPs, hostnames, credentials) are fictional components of a simulated ransomware scenario.
- [COMMAND_EXECUTION]: The provided Python script (scripts/agent.py) is used for managing exercise metadata and scoring. It uses the standard library (datetime) and does not invoke external processes or dynamic code execution.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote package installation or script downloads. Referenced tools like Splunk or CrowdStrike are mentioned as context for the SOC simulation rather than requirements for the skill's execution.
- [DATA_EXFILTRATION]: No network activity or sensitive file access is performed by the skill's scripts. The Splunk query provided in the documentation is a template for organizational tracking and does not expose local data.
Audit Metadata