skills/mukul975/anthropic-cybersecurity-skills/extracting-memory-artifacts-with-rekall/Gen Agent Trust Hub
extracting-memory-artifacts-with-rekall
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches forensic configuration profiles from Google's official GitHub repository (github.com/google/rekall-profiles). This is a standard and necessary function for the Rekall framework.
- [DATA_EXFILTRATION]: Reads local memory dump files for analysis and writes the resulting forensic report to a local JSON file. No network exfiltration of analyzed data was detected.
- [PROMPT_INJECTION]: The skill processes untrusted binary data from memory images, representing a potential indirect injection surface.
- Ingestion points: Memory images loaded via the --image parameter in agent.py.
- Boundary markers: Absent; analysis is performed on raw binary structures.
- Capability inventory: Local file read/write operations within agent.py.
- Sanitization: Relies on the parsing logic of the rekall Python library.
Audit Metadata