The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions for using command-line forensic tools and includes a Python script (scripts/agent.py) that automates rootkit detection using Volatility 3. The script uses subprocess.run with list-based arguments, which is a secure implementation that avoids shell injection risks.
[DATA_EXFILTRATION]: The analysis workflow requires reading sensitive low-level data, including raw disk sectors (/dev/sda) and SPI flash memory. These operations are necessary for malware forensics. The skill does not contain any network-facing code or commands that would transmit this sensitive data to external locations.
[PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted binary data from malware samples. This creates a theoretical surface for indirect prompt injection if a sample were specially crafted to influence the agent's output. However, this is an inherent characteristic of malware analysis tools and is mitigated by the diagnostic focus of the skill's capabilities.

analyzing-bootkit-and-rootkit-samples