performing-endpoint-forensics-investigation

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The script scripts/agent.py uses the subprocess module to execute built-in Windows diagnostic tools like wmic, netstat, and reg. These commands are executed using argument lists, which prevents command injection vulnerabilities. The collection of system data is consistent with the skill's forensic purpose.
  • [SAFE]: No hardcoded credentials or sensitive secrets were found in the codebase. The skill recommends using environment files for any sensitive configurations, which aligns with security best practices.
  • [SAFE]: All external references and documentation links target well-known and trusted forensic community resources such as the Volatility Foundation, Kroll, and the SANS Institute. No suspicious external downloads or remote code execution patterns were identified.
  • [SAFE]: The artifact processing script scripts/process.py performs safe parsing of forensic data (e.g., Prefetch and ShimCache files) using standard libraries, focusing on report generation without introducing dynamic execution risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:48 PM