siem-detection
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard security engineering guidelines and does not contain any detected malicious instructions, hidden code, or unauthorized network operations.
- [PROMPT_INJECTION]: The skill's primary function involves analyzing security logs, which are untrusted data sources. This presents a potential surface for indirect prompt injection if an attacker generates specific log entries to influence the agent's output.
- Ingestion points: Analyzes log sources described in SKILL.md including Endpoint (EDR, Sysmon), Network (Zeek, Suricata), Identity (Okta, Entra ID), and Cloud (CloudTrail, Audit Logs).
- Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are defined in SKILL.md for the data processing phase.
- Capability inventory: The skill utilizes Read, Write, Bash, Grep, Glob, and WebSearch tools to perform its analysis as defined in SKILL.md.
- Sanitization: There are no explicit instructions in SKILL.md for sanitizing or escaping log content before the agent processes it.