fleet-hunting-with-velociraptor
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references downloading the Velociraptor binary from its official GitHub repository (https://github.com/Velocidex/velociraptor/releases). This is a well-known and reputable source for this technology.
- [COMMAND_EXECUTION]: The helper script
scripts/agent.pyusessubprocess.run()to execute the Velociraptor binary with various arguments. The implementation uses list-based argument passing rather than shell strings, which follows security best practices to prevent command injection. - [PROMPT_INJECTION]: The
scripts/agent.pyscript takes a VQL (Velociraptor Query Language) string as a command-line argument and executes it. This creates an indirect prompt injection surface where the agent might execute arbitrary queries if untrusted data is interpolated into the query string. - Ingestion points: The
vqlargument inscripts/agent.pyviaargparse. - Boundary markers: None present.
- Capability inventory: The script can execute any VQL plugin supported by the binary, including those that interact with the file system and processes (e.g.,
pslist,glob). - Sanitization: No sanitization is performed on the VQL string before execution.
- [COMMAND_EXECUTION]: The
SKILL.mdfile contains instructions for system-level installation, including usingchmod +xandsudoto move the binary to/usr/local/bin/. These are standard administrative steps for installing this type of utility.
Audit Metadata