memory-forensics-evasion

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides extensive command-line examples for memory acquisition tools like DumpIt, WinPmem, and LiME, as well as the Volatility3 forensics framework for system analysis.
  • [EXTERNAL_DOWNLOADS]: Contains references to external security research repositories and official documentation on GitHub and blog platforms (e.g., Ekko, Foliage, Volatility3 docs) for educational purposes.
  • [DATA_EXPOSURE]: Documents the use of forensic plugins designed to extract sensitive data from memory images, such as NTLM hashes, LSA secrets, and cached credentials, as part of its forensic analysis methodology.
  • [INDIRECT_PROMPT_INJECTION]: The skill describes a workflow for analyzing untrusted external data (memory dumps). While it does not include automated execution of data content, the ingestion of external binary files for analysis represents a theoretical surface for indirect instructions if processed by automated agent pipelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:57 AM