performing-memory-forensics-with-volatility3-plugins

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python scripts (SKILL.md, scripts/agent.py, and scripts/process.py) use the subprocess.run function to execute Volatility3 commands. The execution is implemented securely by passing arguments as a list and avoiding the use of shell=True, which prevents shell injection vulnerabilities when handling user-provided file paths for memory dumps.
  • [DATA_EXFILTRATION]: There is no evidence of unauthorized data transmission. The skill processes local forensic artifacts and outputs analysis results to the standard output or local files as requested by the user.
  • [PROMPT_INJECTION]: The skill instructions and metadata are focused on technical forensic workflows and do not contain any patterns designed to override agent behavior, bypass safety guidelines, or extract system prompts.
  • [EXTERNAL_DOWNLOADS]: The skill references the volatility3 package and official documentation from the Volatility Foundation and MITRE ATT&CK. These are well-known, reputable sources within the cybersecurity community, and the skill correctly instructs users to manage dependencies via standard package managers.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 08:41 PM