analyzing-linux-kernel-rootkits

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run to execute external security utilities, specifically vol (Volatility3) and rkhunter. These invocations are essential to the skill's functionality and follow best practices: arguments are passed as a list (no shell=True), which avoids shell injection, and execution timeouts are applied.
  • [COMMAND_EXECUTION]: Instructions in SKILL.md and references/api-reference.md suggest using sudo for memory acquisition and rootkit scanning. Although this involves high-privilege access, it is a technical requirement for the intended domain of kernel-level digital forensics.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 06:44 PM