analyzing-slack-space-and-file-system-artifacts

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: CRITICAL
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill contains references to known malicious URLs, https://malicious-site.com/payload.exe and https://cdn.malicious-site.com/payload.exe. These URLs were flagged by security scanners as phishing and represent a high risk. While they are included in SKILL.md as examples of download metadata in a forensic context, their presence in the skill's source files constitutes a confirmed detection of malicious content.
  • [EXTERNAL_DOWNLOADS]: The skill workflow and scripts instruct the installation of unversioned Python packages (analyzeMFT, pyusn, mft) from the public PyPI registry, which introduces risks associated with dependency integrity and potential supply chain attacks.
  • [COMMAND_EXECUTION]: The script scripts/agent.py and the manual steps in SKILL.md use subprocess.run() and direct shell execution to call various forensic utilities (such as blkls, fls, icat, and MFTECmd.exe). These tools are executed with arguments (e.g., file paths, offsets, and inode numbers) derived from user or agent input without explicit validation or sanitization, potentially allowing for argument injection.
  • [DATA_EXFILTRATION]: The skill is explicitly designed to identify and extract sensitive information (passwords, social security numbers, credit card data, and transaction logs) from file system slack space and system journals. While this is the intended forensic purpose, the lack of output filtering or secure handling protocols for this highly sensitive data poses an exfiltration risk if the agent's environment is compromised.
  • [PROMPT_INJECTION]: The skill possesses a significant surface for indirect prompt injection through the following components:
      • Ingestion points: Untrusted forensic data enters the agent context via the parsing of raw disk images (evidence.dd), MFT entries, and USN journals.
      • Boundary markers: There are no markers or system instructions to distinguish between the agent's operational logic and the content extracted from the disk images, which often contains arbitrary strings from files and deleted artifacts.
      • Capability inventory: The agent is granted capabilities to read raw binary data, extract hidden streams, and execute system-level forensic tools across the host filesystem.
      • Sanitization: Content extracted via strings, grep, or MFT parsing is processed and presented to the user/agent without escaping or filtering of potentially malicious instructions embedded in the target data.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Apr 7, 2026, 12:02 PM