The Agent Skills Directory

[SAFE]: The skill provides standard security investigation procedures and tools without any malicious patterns detected. It adheres to best practices for evidence handling, such as generating SHA-256 hashes for file integrity.
[DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were found. The skill processes log data locally via a Python script and generates reports for an investigator. It correctly instructs users to manage credentials via environment variables and configuration rather than hardcoding them.
[EXTERNAL_DOWNLOADS]: The documentation references well-known and trusted technology services and organizations, including Splunk, Microsoft, CISA, and the SEI CERT Insider Threat Center for official documentation and SDKs.
[INDIRECT_PROMPT_INJECTION]: The skill defines a surface for ingesting untrusted data (DLP and access logs), but the provided scripts process this data purely for analytical and reporting purposes without passing it to dangerous execution sinks or secondary agent prompts.

investigating-insider-threat-indicators