disk-forensics
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill directs the agent to access sensitive file paths that contain user credentials or authentication data.
  - Evidence: The instructions include examining Windows Registry hives, specifically the SAM hive (SKILL.md), which stores local password hashes.
- [COMMAND_EXECUTION]: The skill utilizes powerful tools to interact with sensitive system artifacts and private user data.
  - Evidence: Commands are provided to access log files (/var/log/*), browser history (Mozilla, Safari, Chrome), and system artifacts such as prefetch files and USB history (SKILL.md).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted external data.
  - Ingestion points: Untrusted disk images and files are analyzed using tools like strings, exiftool, and binwalk (SKILL.md).
  - Boundary markers: Absent; the skill lacks instructions to isolate or ignore instructions embedded within the analyzed evidence.
  - Capability inventory: The agent uses Bash for file system mounting, partition analysis, and data extraction (SKILL.md).
  - Sanitization: Absent; no methods for escaping or validating the content extracted from images are described.
Audit Metadata