The Agent Skills Directory

[SAFE]: The skill operates as a defensive tool with a clear objective of supporting security investigations. It emphasizes human-in-the-loop validation and the preservation of evidence before any destructive or corrective actions are taken.
[COMMAND_EXECUTION]: The skill utilizes local shell scripts (vpnchecker.sh and ipir.sh) for IP reputation checking. These scripts are invoked from a fixed workstation path (/root/Tools/IncidentResponseScripts/) using IP addresses extracted through strict regular expressions in a Python helper script, which significantly mitigates the risk of command injection.
[DATA_EXFILTRATION]: All network-related operations, such as Microsoft Graph queries via az rest, are functionally necessary for the described incident response tasks. There are no patterns suggesting the exfiltration of sensitive information to untrusted or external domains.
[REMOTE_CODE_EXECUTION]: The skill does not download or execute external code. All automation scripts are either included in the skill package or are part of the pre-configured local workstation environment.

incident-response-main