performing-insider-threat-investigation

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [SAFE]: The main script scripts/agent.py performs local analysis of activity logs and generates a report on the filesystem. It does not perform unauthorized network operations, access sensitive credentials, or attempt to persist on the system.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted data from CSV files and outputting it into reports intended for agent consumption. Evidence:
      (1) Ingestion points: The load_events_csv function in scripts/agent.py reads user-supplied CSV files.
      (2) Boundary markers: Absent; log field data is processed and stored without delimiters or protective framing.
      (3) Capability inventory: The skill has the capability to write files to the disk as demonstrated in scripts/agent.py.
      (4) Sanitization: Absent; the script does not validate or escape content from the input CSV fields before inclusion in the final report.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 12:22 AM