skills/jeremylongshore/claude-code-plugins-plus/responding-to-security-incidents/Gen Agent Trust Hub
responding-to-security-incidents
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to run various system-level commands and forensic tools such as
volatility,ps auxf,ss -tulnp, and custom shell/Python scripts to gather evidence and perform containment tasks. - [DATA_EXPOSURE]: The skill accesses highly sensitive data sources including authentication logs, application error logs, memory dumps, and disk images. This access is required for forensic investigation and is restricted to the
${CLAUDE_SKILL_DIR}scope. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of system and application logs which may contain malicious content designed to influence the agent's reasoning.
- Ingestion points: Authentication logs, web server logs, and database access logs located in
${CLAUDE_SKILL_DIR}/logs/. - Boundary markers: No specific delimiters or safety instructions are defined to separate log content from the analysis prompt.
- Capability inventory: The skill has broad capabilities including file read/write, shell execution (
Bash), and forensic tool invocation. - Sanitization: No explicit sanitization or filtering logic is present in the provided forensic script templates.
Audit Metadata