performing-threat-hunting-with-elastic-siem

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted telemetry data from security logs.
  • Ingestion points: The scripts/agent.py script retrieves data from external Elasticsearch indices such as logs-endpoint.events.* and logs-windows.sysmon_operational-*.
  • Boundary markers: No delimiters or boundary markers are used when formatting the retrieved log data into the printed hunt reports.
  • Capability inventory: The skill performs read operations on Elasticsearch and outputs results to the console. It does not have write access to the filesystem or the ability to execute shell commands with the retrieved data.
  • Sanitization: The script does not sanitize or escape fields from the log events (e.g., process.args, user.name, or host.name) before including them in the final output report.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 01:01 PM