The Agent Skills Directory

[COMMAND_EXECUTION]: Risk of command injection in scripts/agent.py. The script uses subprocess.run(shell=True) to execute Sleuth Kit commands and interpolates the image_path and case_dir variables directly into these strings. Malicious inputs containing shell metacharacters (e.g., ;, &, |) could lead to arbitrary code execution. Evidence: Usage of f"img_stat {image_path}" and similar patterns in scripts/agent.py functions. \n- [COMMAND_EXECUTION]: Use of high-privilege commands for environment setup. The workflow in SKILL.md instructs users to run sudo apt-get install, which requires administrative privileges. Evidence: sudo apt-get install autopsy sleuthkit in SKILL.md. \n- [EXTERNAL_DOWNLOADS]: Fetching software and reference data from remote repositories. The skill downloads the Autopsy ZIP archive from GitHub and the NSRL hash database from AWS S3. These are documented as functional requirements from well-known sources. Evidence: wget commands in SKILL.md targeting github.com/sleuthkit and s3.amazonaws.com/rds.nsrl.nist.gov. \n- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through forensic data ingestion. \n
Ingestion points: Forensic data is ingested through Sleuth Kit tools like fls and istat which read metadata and filenames from the provided disk image, which are then processed and displayed by scripts/agent.py. \n
Boundary markers: No delimiters or sanitization are used when presenting the output of these tools. \n
Capability inventory: The agent has the capability to execute shell commands and write to the file system. \n
Sanitization: No validation or filtering is performed on the data extracted from the disk images before it is used or reported.

analyzing-disk-image-with-autopsy