The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze security logs from external sources. This presents an indirect prompt injection surface where malicious data (e.g., a process name or log entry containing agent instructions) could attempt to influence the agent's reasoning or output. This is a common characteristic of log analysis tools.
Ingestion points: The scripts/agent.py script fetches log data from a Splunk instance.
Boundary markers: Output is structured as JSON, but there are no explicit instructions to the agent to disregard natural language commands found within the logs.
Capability inventory: The script can execute arbitrary SPL queries and read system logs.
Sanitization: No explicit sanitization or filtering of the log content is performed before presentation to the agent.
[COMMAND_EXECUTION]: The helper script scripts/agent.py constructs Splunk Search Processing Language (SPL) queries using string interpolation for hostnames and usernames. Without proper sanitization of these inputs, a malicious user or a compromised agent could potentially inject SPL commands into the search string.
[SAFE]: The skill uses the official splunk-sdk Python package and references well-known documentation from Splunk's official developer and documentation domains.

analyzing-security-logs-with-splunk