hunting-for-dcom-lateral-movement

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script agent.py uses subprocess.run to execute the Windows reg command. This is used solely for auditing the registry to identify DCOM object configurations. Since the command arguments are derived from a hardcoded list of class identifiers, the implementation is secure and aligns with the tool's diagnostic purpose.
  • [SAFE]: No indicators of prompt injection, data exfiltration, or persistence were found. The skill relies on well-known Python packages for parsing event logs and operates entirely on local telemetry data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 13, 2026, 12:40 PM