pentest-ctf-forensics

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The execute_command tool defined in references/tools.md lets the agent run arbitrary shell commands on the host. It is intended to give access to forensic tools that are not wrapped as dedicated MCP endpoints, but it is also a powerful primitive: if the agent's reasoning is subverted (for example through the prompt-injection path below), the attacker gains command execution on the host.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it feeds untrusted forensic data into the agent's context. Evidence:
    1. Ingestion points: artifact content is read by exiftool_extract, strings_extract and binwalk_analyze.
    2. Boundary markers: absent; nothing instructs the agent to treat file content as data rather than as instructions.
    3. Capability inventory: includes execute_command and file-system manipulation, so a successful injection can reach the host.
    4. Sanitization: absent; metadata tag values and extracted strings are placed directly into the agent context.
  An attacker can therefore embed instructions in a file's metadata (or in printable strings inside the file) to trick the agent into running malicious commands.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 18, 2026, 05:57 PM