skills/mukul975/anthropic-cybersecurity-skills/analyzing-linux-audit-logs-for-intrusion/Gen Agent Trust Hub
analyzing-linux-audit-logs-for-intrusion
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python agent in
scripts/agent.pyexecutes theausearchutility usingsubprocess.run. The implementation uses a list of arguments, which correctly avoids shell-based command injection. - [DATA_EXFILTRATION]: The skill requires access to sensitive host files such as
/var/log/audit/audit.logand monitors paths like/etc/shadow. This data access is essential for the stated goal of intrusion detection but involves processing high-privilege system information. - [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection because it parses Linux audit logs, which can contain arbitrary strings from untrusted process executions. There are no explicit boundary markers or sanitization steps used when processing the log content in
scripts/agent.py, which could allow malicious log entries to influence downstream agent logic.
Audit Metadata