testing-ransomware-recovery-procedures

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script executes system commands (sc query on Windows and systemctl is-active on Linux) to verify the status of restored services. These commands are executed safely using argument lists, which prevents shell injection vulnerabilities by ensuring that system names are treated as data rather than executable code.
  • [DATA_EXFILTRATION]: The skill performs file integrity checks by computing SHA256 hashes of restored data and comparing them against a baseline manifest. All data processing is local to the recovery environment, and no unauthorized network transmission or exfiltration patterns were detected.
  • [REMOTE_CODE_EXECUTION]: No remote code execution or unauthorized external downloads were found. The skill relies on standard system utilities and locally provided Python scripts to perform its functions.
  • [PROMPT_INJECTION]: The SKILL.md documentation provides clear, task-oriented instructions for incident response testing. It contains no instructions that attempt to override AI safety guidelines, bypass system constraints, or extract sensitive prompt data.
  • [CREDENTIALS_UNSAFE]: The skill documentation refers to best practices for rotating credentials post-restore but does not contain hardcoded secrets. It correctly suggests using configuration files or environment-specific paths for managing backup repository passwords.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 06:48 PM