fleet-hunting-with-velociraptor

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references downloading the Velociraptor binary from its official GitHub repository (https://github.com/Velocidex/velociraptor/releases). This is a well-known and reputable source for this technology.
  • [COMMAND_EXECUTION]: The helper script scripts/agent.py uses subprocess.run() to execute the Velociraptor binary with various arguments. The implementation uses list-based argument passing rather than shell strings, which follows security best practices to prevent command injection.
  • [PROMPT_INJECTION]: The scripts/agent.py script takes a VQL (Velociraptor Query Language) string as a command-line argument and executes it. This creates an indirect prompt injection surface where the agent might execute arbitrary queries if untrusted data is interpolated into the query string.
  • Ingestion points: The vql argument in scripts/agent.py via argparse.
  • Boundary markers: None present.
  • Capability inventory: The script can execute any VQL plugin supported by the binary, including those that interact with the file system and processes (e.g., pslist, glob).
  • Sanitization: No sanitization is performed on the VQL string before execution.
  • [COMMAND_EXECUTION]: The SKILL.md file contains instructions for system-level installation, including using chmod +x and sudo to move the binary to /usr/local/bin/. These are standard administrative steps for installing this type of utility.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 11:58 AM
Security Audit — agent-trust-hub — fleet-hunting-with-velociraptor