The Agent Skills Directory

[COMMAND_EXECUTION]: The skill requires users to execute commands that significantly weaken Windows system security to load a kernel driver. Specifically, it instructs the use of 'bcdedit' to enable 'testsigning' and disable 'nointegritychecks'.
[COMMAND_EXECUTION]: The toolkit facilitates the installation and execution of a kernel-mode driver ('KWinSys.sys') via 'sc create' and 'sc start', providing the software with ring-0 access to the operating system.
[DATA_EXFILTRATION]: The 'WinSysServer' component establishes an unauthenticated remote TCP server (default port 50002) that broadcasts sensitive system telemetry, including process lists, network connections, and kernel memory contents.
[DATA_EXFILTRATION]: The toolkit provides functionality for reading and writing arbitrary kernel memory, which can be leveraged to extract sensitive information or bypass security controls.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the system environment during analysis (Ingestion points: process names, memory content, network strings). No boundary markers or instructions to ignore embedded content are defined (Boundary markers: absent). The skill has extensive capabilities including kernel memory R/W and command execution (Capability inventory: sc, bcdedit, kernel R/W). No evidence of sanitization for ingested system data is provided (Sanitization: absent).

ntwarden-windows-analysis-toolkit