The Agent Skills Directory

[SAFE]: The skill provides defensive security logic intended for threat hunting and incident response. The scripts and documentation are transparent and align with industry-standard practices for Sigma-based detection.
[INDIRECT_PROMPT_INJECTION]: The skill processes external telemetry logs which represent an ingestion point for untrusted data. While this is a potential surface for indirect injection if the resulting report is consumed by an LLM, the risk is mitigated by the script's use of structured parsing and non-executable output.
Ingestion points: scripts/agent.py reads user-provided JSON log files via the --log-file argument.
Boundary markers: The output report uses structured JSON, though it lacks explicit delimiters to warn downstream consumers about embedded instructions in the raw event data.
Capability inventory: The script is limited to file system read/write operations for log processing and reporting; it lacks network access, privilege escalation, or dynamic code execution capabilities.
Sanitization: Employs standard Python json library for parsing and string-based signature matching, preventing common injection vulnerabilities in the processing logic itself.

detecting-living-off-the-land-with-lolbas