performing-malware-persistence-investigation

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as mount, ls, find, and cat to facilitate forensic analysis of disk images and configuration files. This behavior is expected given the skill's domain of digital forensics and incident response.
  • [SAFE]: The skill uses standard Python libraries (Registry, xml.etree.ElementTree) and common search patterns to detect indicators of compromise. While it accesses sensitive artifacts, it does so for investigation purposes without performing any remote network operations or data exfiltration.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data from forensic images (registry values, XML task definitions, and Linux config files), presenting an indirect prompt injection surface.
      • Ingestion points: scripts/agent.py and SKILL.md read values from registry hives, task files, and system configs.
      • Boundary markers: Data is processed and displayed without specific delimiters or warnings to the agent.
      • Capability inventory: Command execution (mount, find) and report writing.
      • Sanitization: Artifact content is summarized without filtering potentially malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 08:41 PM