building-threat-intelligence-enrichment-in-splunk

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill demonstrates standard integration patterns for Splunk Enterprise Security. It provides templates and scripts for interacting with legitimate threat intelligence APIs such as AlienVault OTX.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: Network operations are performed using the requests library to fetch data from well-known cybersecurity services (e.g., otx.alienvault.com). These are documented, purpose-built connections for threat intelligence gathering and do not represent unauthorized data exfiltration.
  • [CREDENTIALS_UNSAFE]: While the skill contains references to API keys and passwords (e.g., admin:pass, password="changeme"), these are explicitly used as documentation placeholders and common defaults for local testing environments, posing no risk to real-world credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill involves processing external data from threat feeds. However, the implementation uses structured parsing (JSON/CSV) and maps data to specific schema fields in the Splunk KV Store, minimizing the risk of prompt injection from untrusted data sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 11:59 PM