extracting-windows-event-logs-artifacts
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the Chainsaw forensic tool and Sigma rule sets from the WithSecureLabs official GitHub repository for log analysis.
- [EXTERNAL_DOWNLOADS]: Downloads the Hayabusa timeline generator from the Yamato-Security official GitHub repository.
- [COMMAND_EXECUTION]: Executes standard forensic commands and downloaded binaries to parse EVTX logs and identify security incidents.
- [SAFE]: Regarding Indirect Prompt Injection Surface Analysis:
  - Ingestion points: Windows Event Log files (EVTX) processed in 'scripts/agent.py' and 'SKILL.md'.
  - Boundary markers: None present.
  - Capability inventory: File system read/write and execution of local forensics tools.
  - Sanitization: Data is parsed into structured JSON/CSV for analysis; the content is searched for matching patterns but not executed.
Audit Metadata