skills/mukul975/anthropic-cybersecurity-skills/hunting-bootkits-in-efi-system-partition/Gen Agent Trust Hub
hunting-bootkits-in-efi-system-partition
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runwithinscripts/agent.pyto interact with system forensic utilities includingmount,sbverify, andyara. These calls are implemented using list-based arguments withoutshell=True, which is a security best practice that prevents shell injection. This functionality is essential for the skill's stated purpose of partition and binary analysis. - [EXTERNAL_DOWNLOADS]: The documentation and scripts reference official security research and forensic tools from well-known sources, such as UEFITool from the LongSoft GitHub repository, as well as official Debian/Ubuntu repositories and the Python Package Index (PyPI). These references are documented neutrally as they originate from trusted technology providers and established security firms.
- [DATA_EXFILTRATION]: No network exfiltration or credential harvesting patterns were detected. The Python script and the provided command-line instructions operate exclusively on the local filesystem and the isolated mount point of the EFI partition.
- [SAFE]: The skill does not contain any evidence of prompt injection, obfuscation, or persistence mechanisms. Its requirement for administrative privileges is appropriate for its intended forensic use case of accessing hardware partitions.
Audit Metadata