The Agent Skills Directory

[SAFE]: No security issues detected. The skill is designed for defensive security operations and forensic investigation.
[EXTERNAL_DOWNLOADS]: The skill utilizes well-known, legitimate Python libraries for parsing Windows event logs and XML data.
Evidence: pip install python-evtx lxml in SKILL.md and imports in scripts/agent.py.
[PROMPT_INJECTION]: While the skill processes untrusted data from forensic log files, it does so in a parser-only context with no execution capabilities, posing no risk to the agent environment.
Ingestion points: scripts/agent.py reads data from .evtx files via parse_evtx_4104.
Boundary markers: None explicitly used for processed content.
Capability inventory: File system read/write only; no network access or command execution.
Sanitization: Content is extracted and analyzed via regex/entropy; no specific sanitization is applied to the raw script text before JSON output.

analyzing-powershell-script-block-logging