analyzing-heap-spray-exploitation

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py uses subprocess.run() to execute the Volatility3 (vol) CLI tool. The command is constructed using a list of arguments, which is a safe practice that prevents shell injection. The inputs are derived from user-provided file paths and internal plugin names.
  • [EXTERNAL_DOWNLOADS]: The documentation in references/api-reference.md provides instructions for installing the Volatility3 framework. It correctly references the official Python Package Index (PyPI) and the authoritative GitHub repository of the Volatility Foundation, which are trusted sources for security tools.
  • [DATA_EXPOSURE]: The skill reads from user-provided memory dump files and writes analysis results to a local output directory. It does not perform any network operations or external data exfiltration. The output is a structured JSON report containing forensic indicators.
  • [PROMPT_INJECTION]: The SKILL.md instructions are strictly technical and follow standard procedural guidelines for malware analysis. There are no attempts to override agent behavior, bypass safety filters, or extract system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 06:44 PM