analyzing-docker-container-forensics

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of system-level commands to interact with the Docker daemon and manage forensic evidence.
      • scripts/agent.py uses subprocess.run to execute commands such as docker inspect, docker ps, docker diff, and docker export.
      • SKILL.md provides shell workflows involving docker, tar, sha256sum, and find for evidence processing.
  • [EXTERNAL_DOWNLOADS]: Fetches forensic tools from external repositories during the workflow.
      • Downloads the dive analysis tool from its official GitHub releases.
      • Downloads the container-diff tool from Google's public storage APIs.
  • [PRIVILEGE_ESCALATION]: The workflow requires high-level permissions to perform forensic tasks.
      • SKILL.md instructs the user to use sudo dpkg to install downloaded software.
      • The skill requires access to the Docker socket or root-level filesystem access to analyze container artifacts.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing untrusted data from compromised containers.
      • Ingestion points: Reads container metadata via docker inspect, runtime logs via docker logs, and filesystem changes via docker diff (documented in scripts/agent.py).
      • Boundary markers: Absent; the data is parsed and displayed without delimiters or warnings to the LLM to ignore instructions within the data.
      • Capability inventory: Ability to execute shell commands via subprocess.run, write files to the host system via docker export, and perform network scans via trivy (documented in scripts/agent.py).
      • Sanitization: No sanitization is performed on the content of logs or filesystem data before it is included in forensic reports or processed by the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 06:44 PM