siem-rules
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The static analyzer flag for instruction overrides is a false positive. The skill includes a dedicated Prompt Injection Safety Notice (Section 8) instructing the agent to treat directives in user logs as data rather than commands.
- [EXTERNAL_DOWNLOADS]: All external links point to official documentation from trusted organizations such as Microsoft, Splunk, and MITRE for technical reference purposes.
- [PROMPT_INJECTION]: The indirect prompt injection surface was evaluated.
  - Ingestion points: user-provided log samples and query drafts described in Section 8.
  - Boundary markers: specific instructions to ignore directives embedded in analyzed content.
  - Capability inventory: access to the Read, Grep, and Glob tools, with no network or direct execution permissions.
  - Sanitization: all output is for human review and requires logic validation before deployment.
Audit Metadata