The Agent Skills Directory

[COMMAND_EXECUTION]: The skill contains Python scripts and shell instructions that execute system-level commands (such as taskkill, reg query, schtasks, and systemctl) to identify and remove malicious artifacts. These operations are essential for the primary goal of eradicating malware and are executed with standard system utilities.
[REMOTE_CODE_EXECUTION]: The documentation includes instructions for performing on-demand scans using the CrowdStrike API. This involves network requests to a well-known security service provider to validate the eradication process.
[EXTERNAL_DOWNLOADS]: The automation scripts rely on standard, well-known Python libraries for system monitoring and security analysis (psutil, yara-python). These are intended to be installed from official package registries.
[PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by design, as it must process potentially malicious system data (e.g., process names, registry keys, and shell profiles) to perform its analysis.
Ingestion points: The scripts in scripts/agent.py and scripts/process.py read from system process lists, registry values, and file contents like ~/.bashrc and ~/.ssh/authorized_keys.
Boundary markers: No explicit delimiters are used when passing this system data back into the agent's context.
Capability inventory: The skill is equipped with significant system management capabilities, including the ability to terminate processes and delete files.
Sanitization: Content read from the infected system is processed for specific markers without extensive sanitization before being included in logs or reports.

eradicating-malware-from-infected-systems