The Agent Skills Directory

[DATA_EXFILTRATION]: The agent.py script transmits plaintext credentials to a user-controlled endpoint, creating a risk of credential exfiltration.
Evidence: In scripts/agent.py, requests.post sends a payload with username and password to a base_url defined via command-line arguments.
[DATA_EXFILTRATION]: The script includes an explicit mechanism to disable TLS certificate verification, which facilitates potential man-in-the-middle attacks and unsafe data transmission.
Evidence: Multiple requests in scripts/agent.py use the verify parameter conditioned on the SKIP_TLS_VERIFY environment variable.
[PROMPT_INJECTION]: The skill ingests data from external security alerts and incorporates them into human-readable reports without sanitization, exposing the agent to indirect prompt injection.
Ingestion points: Splunk notable event results fetched in scripts/agent.py.
Boundary markers: None present in the report formatting logic.
Capability inventory: The agent has network access via the requests library and file-system write access via json.dump.
Sanitization: None. No escaping or validation is applied to data fields before inclusion in the output string.

building-soc-metrics-and-kpi-tracking