performing-log-analysis-for-forensic-investigation

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use sudo apt-get install to install system-level forensic utilities, which involves privilege escalation to manage system packages.
  • [COMMAND_EXECUTION]: The workflow performs extensive file system operations, including creating case directories (mkdir), copying sensitive logs from evidence mounts (cp), and generating archives (tar). It also executes Python scripts through shell heredocs to correlate and normalize event data.
  • [EXTERNAL_DOWNLOADS]: The instructions require downloading external dependencies, including the python-evtx library via pip and system packages via the OS package manager.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from multiple log sources (Windows Event Logs, Linux syslogs, and web access logs).
    ◦ Ingestion points: Processes external log files via scripts/agent.py and various command-line utilities.
    ◦ Boundary markers: No delimiters or specific instructions are provided to distinguish between the analyzer's instructions and the content of the logs being processed.
    ◦ Capability inventory: The skill possesses the ability to install software, modify the file system, and generate reports based on the analyzed data.
    ◦ Sanitization: While the skill uses regex and structured parsing for analysis, it lacks sanitization logic to prevent malicious instructions hidden in log entries from influencing the AI agent's logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 9, 2026, 06:49 PM