performing-user-behavior-analytics

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The script scripts/agent.py disables SSL/TLS certificate verification (verify_certs: False) when connecting to Elasticsearch. This is a common practice in development or lab environments but is a best-practice violation for production systems as it could allow for person-in-the-middle attacks.
  • [SAFE]: The skill processes untrusted log data, creating an indirect prompt injection surface area. Evidence chain:
      • Ingestion points: scripts/agent.py queries Elasticsearch; SKILL.md provides Splunk queries for various authentication and file access logs.
      • Boundary markers: None identified in the report output or scripts.
      • Capability inventory: The script performs network requests to Elasticsearch and prints results to stdout; no dangerous system-level capabilities are invoked.
      • Sanitization: No explicit sanitization of log data (e.g., user names) is performed before display.
  • [SAFE]: There is a minor metadata mismatch where the SKILL.md file lists 'mahipal' as the author, while the LICENSE file and vendor context attribute the skill to 'mukul975'. The license also contains a future-dated copyright (2026).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 01:02 PM