parsing-artifacts-with-eric-zimmerman-tools

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses the subprocess.run() function to execute external Windows forensic binaries, such as MFTECmd.exe, PECmd.exe, and RECmd.exe. The command-line arguments for these tools are constructed using file paths and directories provided via the script's command-line interface (--collection, --out, --tools-dir). This behavior is consistent with the skill's stated purpose as a batch driver for forensic parsers.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions guide users to download and execute a PowerShell script (Get-ZimmermanTools.ps1) from a public GitHub repository managed by Eric Zimmerman. This script is used to install and maintain the forensic toolset required by the skill.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 09:01 PM
Security Audit — agent-trust-hub — parsing-artifacts-with-eric-zimmerman-tools