acquiring-disk-image-with-dd-and-dcfldd

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run(shell=True) combined with f-string interpolation in functions such as run_cmd, acquire_with_dd, and acquire_with_dcfldd. This pattern is highly vulnerable to command injection if variables like device paths, source, or destination are manipulated by an attacker or sourced from untrusted inputs.
  • [COMMAND_EXECUTION]: The skill requires root or sudo privileges to perform its primary forensic tasks, such as disk imaging and write-blocking. This requirement significantly escalates the potential impact of the command injection vulnerabilities to a full system compromise.
  • [COMMAND_EXECUTION]: The skill includes procedures for modifying critical system configuration files, such as writing udev rules to /etc/udev/rules.d/ to enforce software write-blocking.
  • [EXTERNAL_DOWNLOADS]: Documentation in SKILL.md provides instructions for the installation of external tools using the system package manager (apt-get install dcfldd).
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface in the way it processes system data.
      • Ingestion points: The agent ingests and parses JSON output from the lsblk command within scripts/agent.py to identify devices.
      • Boundary markers: There are no boundary markers or instructions to ignore potentially malicious content embedded in device metadata (such as model or serial strings).
      • Capability inventory: The skill has the capability to execute system commands as root and write to the filesystem.
      • Sanitization: No validation, escaping, or sanitization is performed on the data retrieved from lsblk before it is used in subsequent command construction or logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 12:26 AM