Skills
skills/kiwamizamurai/cctf/forensics/Gen Agent Trust Hub

forensics

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (MEDIUM): The skill is highly susceptible to Indirect Prompt Injection (Category 8). It instructs the agent to ingest untrusted data from forensic artifacts.
  • Ingestion points: Processes files via suspicious_file, image.png, and memory.dmp using tools like exiftool, strings, and binwalk (SKILL.md).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat file content as untrusted data.
  • Capability inventory: The agent has access to Bash, Read, Write, Grep, and Glob, allowing it to execute commands based on potentially malicious data.
  • Sanitization: There is no evidence of sanitization for file contents or metadata before they are processed by the agent.
  • COMMAND_EXECUTION (LOW): The skill relies on executing various shell commands (binwalk, foremost, volatility). While these are standard forensic tools, the use of Bash provides a broad attack surface if the agent is not careful with shell metacharacters in filenames.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 11:30 AM