triaging-windows-with-kape

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The Python script scripts/agent.py uses subprocess.run() to execute kape.exe. The command arguments are constructed from user-supplied parameters to define triage targets and destinations.
  • [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions to synchronize forensic configurations and update binaries from the Kroll website and Eric Zimmerman's public GitHub repository, which are well-known and recognized sources in the digital forensics community.
  • [DATA_EXPOSURE]: The skill is designed to access and collect sensitive system artifacts (e.g., registry hives, event logs) for forensic analysis. This access is consistent with the primary purpose of a triage tool and is performed locally on the target system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:42 AM
Security Audit — agent-trust-hub — triaging-windows-with-kape