dfir

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a defensive toolkit for digital forensics and incident response, providing scripts and instructions for security investigations.
  • [COMMAND_EXECUTION]: The skill employs standard forensics CLI tools including tshark, 7z, hashcat, and analyzeMFT.
  • [EXTERNAL_DOWNLOADS]: The skill installs legitimate forensics libraries such as python-evtx, windowsprefetch, and analyzeMFT from official repositories.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the ingestion of untrusted forensics artifacts.
      1. Ingestion points: Artifacts like capture.pcap, Security.evtx, and MFT files are parsed.
      2. Boundary markers: No explicit delimiters are provided in the analysis scripts.
      3. Capability inventory: The skill executes shell commands (tshark, 7z) and performs filesystem operations.
      4. Sanitization: Data is parsed using standard libraries (python-evtx, tshark) but lacks specific LLM-focused sanitization.
    This surface is inherent to the forensics use-case.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 07:45 AM