detecting-beaconing-patterns-with-zeek

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for legitimate cybersecurity operations and threat hunting, performing statistical analysis on network traffic logs to identify potential command-and-control activity.
  • [SAFE]: The Python script and instructions utilize reputable libraries, including zat, numpy, pandas, and scikit-learn, for data processing and machine learning tasks.
  • [SAFE]: Analysis of the code shows no indicators of data exfiltration, hardcoded credentials, or network requests to untrusted domains.
  • [SAFE]: No obfuscation, prompt injection, or persistence mechanisms are present in the skill files or scripts.
  • [SAFE]: The script handles log files locally and generates a structured JSON report, adhering to the principle of least privilege with no unnecessary system command execution.
  • [SAFE]: The skill processes untrusted log data in scripts/agent.py, which is an indirect prompt injection surface. However, it parses the logs into structured DataFrames and performs only numeric calculations on them. The script does not wrap untrusted input in boundary markers, but it also has no dangerous capabilities such as code execution or network sends, and it uses safe JSON serialization for results.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 11:04 PM