skills/mukul975/anthropic-cybersecurity-skills/analyzing-windows-amcache-artifacts/Gen Agent Trust Hub
analyzing-windows-amcache-artifacts
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Analysis of the skill's code and documentation shows no evidence of malicious behavior. The skill is designed for incident response and forensic investigations.
- [EXTERNAL_DOWNLOADS]: The documentation provides links to well-known forensic utilities and threat intelligence services (VirusTotal, CIRCL). These resources are commonly used by security professionals for legitimate analysis.
- [COMMAND_EXECUTION]: The workflow includes commands for acquiring system files and executing forensic parsers, which are expected operations for a forensic analyst requiring elevated privileges.
- [DATA_EXFILTRATION]: The skill accesses the sensitive Amcache.hve registry file for local metadata extraction. No unauthorized network transfers of this data were detected.
- [PROMPT_INJECTION]: The skill's surface for indirect prompt injection was evaluated. Ingestion points: Forensic artifact data from Amcache.hve. Boundary markers: Absent, as the data is parsed into structured formats. Capability inventory: File reading via regipy and local file creation for reporting. Sanitization: Absent, as the tool's purpose is to extract and report raw metadata from forensic sources.
Audit Metadata