performing-memory-forensics-with-volatility3

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE (findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Volatility 3 source code and necessary operating system symbol tables (ISF files) from the Volatility Foundation's official GitHub and download servers.
  • [COMMAND_EXECUTION]: The script scripts/agent.py automates the execution of Volatility plugins via subprocess.run to perform forensic analysis. This includes listing processes, scanning for hidden modules, and extracting network artifacts. Documentation also includes the use of insmod for memory acquisition on Linux systems.
  • [PROMPT_INJECTION]: The skill processes untrusted memory dumps and extracts strings, command-line arguments, and environment variables that could contain adversarial payloads.
    * Ingestion points: Memory dump files (e.g., memory.raw) processed by scripts/agent.py.
    * Boundary markers: None used in the automation script's reporting logic.
    * Capability inventory: Execution of local binaries (vol) and filesystem writes for report generation.
    * Sanitization: Forensic data is reported without validation or escaping.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 11, 2026, 08:41 PM