ctf-forensics
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Provides commands and Python scripts to extract sensitive Windows credentials from SAM and SYSTEM hives using the impacket library, as well as logic to decrypt Chrome/Edge browser passwords and crack KeePass databases.
- [COMMAND_EXECUTION]: Requires 'sudo' for several operations, including mounting raw disk images as loopback devices and performing network traffic captures via tcpdump.
- [EXTERNAL_DOWNLOADS]: References multiple external dependencies for installation via pip and git, including heatshrink2, stego-lsb, and a custom fork of keepass2john for Argon2 support.
- [REMOTE_CODE_EXECUTION]: Recommends the use of external scripts like 'gitdumper.sh' for recovering exposed .git directories, which involves downloading and executing untrusted code.
- [DATA_EXFILTRATION]: Performs network requests to external services such as mempool.space for Bitcoin transaction tracing and macvendors.com for hardware identification.
- [PROMPT_INJECTION]: The skill processes untrusted forensic data (disk images, memory dumps, PCAPs, logs) using high-privilege tools, creating a vulnerability to indirect prompt injection if malicious instructions are embedded in the analyzed files.
- Ingestion points: Processes external files including memory dumps (.dmp), disk images (.dd, .vmdk), and packet captures (.pcap).
- Boundary markers: Absent; the skill lacks instructions to sanitize or isolate data extracted from forensic artifacts.
- Capability inventory: Extensive capabilities including full Bash and Python access, filesystem manipulation, network connectivity, and 'sudo' privileges.
- Sanitization: Absent; data is passed directly from extraction tools to analysis commands without validation.
Recommendations
- AI detected serious security threats
Audit Metadata