The Agent Skills Directory

[DATA_EXFILTRATION]: The Python script scripts/agent.py extracts URLs and attachment hashes from provided email files and submits them to VirusTotal and urlscan.io. This is standard behavior for security analysis tools and targets well-known reputation services.\n- [COMMAND_EXECUTION]: The documentation includes standard administrative PowerShell commands for incident remediation, such as revoking session tokens and resetting passwords in Azure AD. These actions are explicitly described as part of the "Account Containment" workflow.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill is designed to process untrusted data (phishing emails) which may contain malicious instructions intended to mislead the agent.\n
Ingestion points: scripts/agent.py parses EML files; SKILL.md instructs the agent to analyze email content.\n
Boundary markers: None. Email content is analyzed as-is.\n
Capability inventory: The agent has the ability to execute network requests via the provided script and administrative commands as described in the workflow.\n
Sanitization: The script uses standard email parsing libraries (Python email module). No additional content sanitization is implemented before the agent processes the extracted data.

conducting-phishing-incident-response