soc-analyst
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or behaviors detected. The skill provides operational guidelines, templates, and workflow sequencing for security operations center (SOC) tasks such as alert triage and threat hunting.
- [EXTERNAL_DOWNLOADS]: References official documentation for industry-standard security frameworks including MITRE ATT&CK, NIST SP 800-61, and Sigma Rules. These are well-known informational resources and do not involve the download or execution of scripts.
- [PROMPT_INJECTION]: Includes a defensive security notice designed to protect the agent from indirect prompt injection. It instructs the agent to ignore instructions found within processed data (like logs or alerts) that conflict with the established SOC methodology, which is an industry best practice.
- [SAFE]: Data processing surfaces are well-defined. The skill is intended to process security telemetry (alerts and logs) using restricted tools (Read, Grep, Glob) as specified in the configuration, with explicit boundary instructions provided to handle untrusted input safely.
Audit Metadata