testing-ransomware-recovery-procedures
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill demonstrates the use of various CLI tools to manage and verify recovery operations.
- Uses
ip routeto ensure the recovery environment is properly segmented from production. - Employs
resticto interact with remote backup repositories and list snapshots. - Utilizes
find,wc, andsha256sumto verify the completeness and integrity of restored file systems. - Uses PostgreSQL client tools (
pg_isready,psql) to check database availability and query restored data. - [DATA_EXPOSURE]: The skill references paths typically used for sensitive data as part of its procedural examples.
- Mentions
/etc/restic/pwas a password file location for backup repository access. - References an AWS S3 bucket (
s3.amazonaws.com/backup-bucket) for storing and retrieving backup data. - [SAFE]: The skill interacts with well-known services and follows established cybersecurity frameworks.
- Network requests are directed toward Amazon Web Services (AWS), a well-known service provider.
- The procedures align with industry standards such as NIST SP 800-184 and the CISA Ransomware Guide.
- [INDIRECT_PROMPT_INJECTION]: The skill defines a surface for processing untrusted data during recovery validation.
- Ingestion points: Data is ingested from external backup repositories (S3) and restored local file systems.
- Boundary markers: None identified; the instructions do not include specific delimiters or warnings regarding potentially malicious content within restored backups.
- Capability inventory: The skill uses subprocess calls to execute
restic,psql, and file system utilities. - Sanitization: No specific sanitization or validation steps are provided for the data processed by the restoration and verification tools.
Audit Metadata