detecting-living-off-the-land-attacks

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate defensive configurations and code for threat detection purposes. All instructions and scripts align with standard security industry practices for LOLBin monitoring.
  • [SAFE]: The Python script scripts/agent.py performs local analysis of event logs. It does not initiate network connections or attempt to exfiltrate sensitive data. All processing is focused on pattern matching within the provided log files.
  • [SAFE]: External URLs referenced (lolbas-project.github.io, mitre.org, microsoft.com) are well-known and trusted cybersecurity resources.
  • [SAFE]: The tool ingests untrusted log data, but its capability set is limited to reading and pattern matching. It does not use unsafe functions to execute code derived from logs, mitigating risks associated with indirect prompt injection. Ingestion point: scripts/agent.py (Sysmon logs); Boundary markers: None; Capability inventory: Log parsing and regex matching; Sanitization: Truncation of output.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 11:04 PM