AI Skill Prompt Guide
General guidelines​
- AI instructions should be scoped and limited. Do not try to do too much in one call.
- Example: Do not try to extract a custom output and convert the result to a different format (e.g. timestamp to epoch)
- If the AI skill step includes navigation or filtering actions that can be added to the start URL with path and query params, then modify the start URL instead of having the AI skill do the navigation and set the filters.
- Example: Start with URL http://mytool.com/threats/incident/123?fromDate=10-03-2025&toDate=12-03-2025 instead of http://mytool.com/threats/
- Keep in mind that the AI skill has a limited set of interaction tools: Clicking on interactive elements and entering text into input elements. Telling the AI skill to perform actions that it cannot do technically is an anti-pattern (e.g. "Double click on the button", "scroll down", "click on an empty space").
- Generally, it's better to set information on how to extract data in the outputs of the skill than to add it to the AI skill prompt (e.g. instead of "Locate the user in the table and extract its information", add an output: "user_info": "The information of the user in the table"). The reason is that the extraction of data and analysis always happen after the AI skill finishes and it doesn't have "locate" or "extract" actions.
Troubleshooting​
AI step finishes before the results are fully loaded​
Sometimes the AI skill will finish before the last interaction has completed fully. For example, when told to "submit a form", the AI skill can click the submit button and then finish, without waiting for the form to be submitted or for the results to show. To overcome this, you can tell the AI skill to explicitly wait X seconds in certain situations (the AI Skill has a "wait" action). For example: "After submitting the form, wait 3 seconds, if the results are still not loaded, wait another 5 seconds.".
AI step performs unnecessary actions after the initial flow​
Sometimes the AI skill will perform additional interactions when it can't determine that the task has completed. This can happen when it's not clear that an operation has ended (e.g. a form was submitted but there is no indication). In this case, it is useful to tell the AI skill to finish explcitly after the last action. For example: " .... Submit the form. Then finish."
Prompt Examples​
Extracting the ISP country from whois.com search​
Prompt:
Enter the IP in the search box. Click the WhoIs button to search for the results. Verify that the IP search results are shown. Then finish.
| Inputs | Output |
|---|---|
ip | isp_country — The country of the ISP of the IP |
Running a query in Splunk and extracting the results​
Prompt:
In the search and reporting section, run the provided Splunk query. Use "Last 7 Days" as the time range for the search. Type the query in the search textbox under "Search" and submit the query. After submitting the query, wait a bit for the results to appear under the "Events" tab.
| Inputs |
|---|
query |
Submitting a Form in a Ticket Tracking System​
Prompt:
Click on "Create Ticket" button. Fill the form that opens with the provided inputs. The inputs might not be exact values, so you should select the best matching options. Submit the form. Then finish.
| Inputs |
|---|
| The values to enter in the form |