ctf-forensics
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions for executing system-level commands requiring administrative privileges, such as mounting disk images (
sudo mount) and capturing network traffic (sudo tcpdump), which are necessary for forensics analysis. - [EXTERNAL_DOWNLOADS]: Recommends the installation of numerous third-party forensics tools and libraries from standard repositories (
pip,apt,brew) and specific GitHub repositories (e.g.,github.com/volatilityfoundation,github.com/impacket). It also instructions fetching external configuration data such as symbol tables for memory forensics. - [DATA_EXFILTRATION]: Includes instructions for making outbound network requests to well-known services and APIs (e.g.,
mempool.space,macvendors.com,etherscan.io) to enrich forensics data. - [PROMPT_INJECTION]: The skill's primary function is to process and analyze untrusted external data (such as log files, network captures, memory dumps, and disk images) which could contain malicious instructions or artifacts designed to influence the agent's behavior.
- Ingestion points: Untrusted data enters the agent context through the analysis of artifacts described across multiple files, including
windows.md,network.md, anddisk-and-memory.md. - Boundary markers: The instructions do not specify the use of clear delimiters or instructions to ignore embedded content when processing these untrusted artifacts.
- Capability inventory: The skill leverages powerful system-level tools through the
Bashcapability, including full filesystem access and network utilities. - Sanitization: There is no mention of sanitizing or validating the contents of the analyzed forensic data before processing or interpreting it.
Audit Metadata