c2-beacon-analysis
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill provides instructional content and technical methodologies for the analysis of malware artifacts and C2 beacon configurations.
- [COMMAND_EXECUTION]: Includes reference shell commands for established security analysis tools such as YARA, Volatility3, and strings. These are intended for manual execution by a user on local files and are not automated.
- [SAFE]: The provided Python scripts for Cobalt Strike configuration parsing rely on standard modules (struct, json) for local buffer analysis and do not perform network operations or dangerous dynamic code execution.
- [SAFE]: References to external libraries like dissect.cobaltstrike are consistent with standard malware analysis practices and utilize trusted tools.
- [SAFE]: An indirect prompt injection surface exists via the processing of untrusted binary malware samples and memory dumps. (1) Ingestion points: sample.bin, beacon.bin, and memory.dmp, analyzed by local scripts. (2) Boundary markers: absent in the provided code snippets. (3) Capability inventory: local file reading and execution of analysis utilities. (4) Sanitization: absent, as the tool's primary function is to parse raw binary data for forensics.
Audit Metadata