performing-memory-forensics-with-volatility3
Warn
Audited by Snyk on Apr 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow explicitly instructs fetching public third‑party resources (e.g., wget https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip and git clone https://github.com/volatilityfoundation/volatility3, plus using external YARA rule files), and the agent/script ingests those symbol tables and YARA rules as part of its analysis workflow—external content that directly influences plugin outputs and subsequent analysis decisions.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly instructs privileged actions (e.g., "sudo insmod lime-$(uname -r).ko" and placing symbol packs under /opt), which require sudo/kernel module insertion and thus request elevated privileges and modification of system state.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata