The Agent Skills Directory

[SAFE]: The skill's primary function is to facilitate legitimate security posture management using a known enterprise platform.
[EXTERNAL_DOWNLOADS]: The Python scripts rely on standard, reputable libraries: requests for API interaction, and pandas and networkx for data processing and graph analysis. These are common dependencies for security automation tools.
[DATA_EXFILTRATION]: No unauthorized data exfiltration was observed. scripts/agent.py communicates exclusively with an API endpoint provided by the user via command-line arguments to retrieve security exposure data.
[CREDENTIALS_UNSAFE]: While the script scripts/agent.py accepts an API key as a command-line argument (which can be visible in process listings), it does not contain hardcoded credentials or instructions to store secrets insecurely.
[COMMAND_EXECUTION]: The provided code does not utilize subprocesses, shell execution, or dynamic evaluation functions that could lead to command injection.

implementing-attack-path-analysis-with-xm-cyber