dump-collect
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- System Configuration and Privilege Usage: The skill provides instructions for modifying system-wide settings, such as the Linux core pattern (/proc/sys/kernel/core_pattern) and the Windows Registry (HKLM:\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps). These operations require elevated permissions (sudo or Administrator) and are necessary for the skill's intended purpose of managing OS-level crash dump collection.
- Container Capability Requirements: Instructions include the use of SYS_PTRACE capabilities and the --privileged flag for Docker containers. While these grant significant permissions to containers, they are standard requirements for tools that must attach to and inspect the memory of other processes for dump collection.
- External Resource Fetching: The skill downloads the Procdump utility from Microsoft's official Sysinternals domain (download.sysinternals.com). This is a well-known and trusted service provided by the vendor for system diagnostics.
- Command Execution Surface: The skill involves extensive use of shell commands to interact with processes and the filesystem. It ingests untrusted data points such as process IDs and container names, which are interpolated into commands. The capability inventory includes file system writes, registry modifications, and network downloads. The instructions do not define boundary markers or explicit sanitization steps for these inputs, which is a common pattern for diagnostic utility skills.
Audit Metadata