security-detections-mcp

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches security detection rules and MITRE ATT&CK STIX data from established and reputable repositories, including SigmaHQ, Splunk, Elastic, and MITRE.
  • [EXTERNAL_DOWNLOADS]: Downloads the security-detections-mcp and mcp-remote packages from the NPM registry using npx, which is the standard deployment pattern for Node.js-based MCP tools.
  • [COMMAND_EXECUTION]: Instructs the user to run the MCP server via npx and provides commands to modify directory permissions (chmod) for local detection rule sets.
  • [PROMPT_INJECTION]: The skill features an autonomous detection pipeline capable of ingesting Cyber Threat Intelligence (CTI) from external providers. This represents a potential surface for indirect prompt injection where untrusted data could influence the agent's behavior during detection engineering.
      ◦ Ingestion points: External CTI sources (e.g., MISP, OTX) processed by the configure_autonomous tool.
      ◦ Boundary markers: No explicit delimiters or instruction-ignore markers are specified in the instructions for the ingested CTI data.
      ◦ Capability inventory: Includes capabilities for file system output (export_detections) and automated pull request generation (auto_pr flag).
      ◦ Sanitization: No data validation or sanitization steps are explicitly described for the ingestion process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 03:14 AM
Security Audit — agent-trust-hub — security-detections-mcp