detecting-t1003-credential-dumping-with-edr

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes subprocess.check_output to execute local PowerShell commands to retrieve Windows event logs (Sysmon/Security). This is the primary intended function of the diagnostic tool and is implemented using safe practices by passing command arguments as a list to prevent shell injection.
  • [DATA_EXFILTRATION]: There are no network operations or external data transfer patterns detected. The scripts only read local event logs or provided log files (JSON/CSV) and output findings locally to the terminal or a specified file path.
  • [SAFE]: The skill's operations are consistent with its stated purpose as a threat-hunting utility. It implements well-known MITRE ATT&CK detection logic and relies on standard Windows administrative interfaces for security telemetry without attempting to bypass safety controls or persist in the environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 05:19 PM