analyzing-linux-audit-logs-for-intrusion
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script invokes the ausearch system utility using the subprocess module with list-based arguments, which effectively mitigates shell injection risks.
- [DATA_EXFILTRATION]: The agent reads sensitive system logs from /var/log/audit/audit.log. This access is the primary function of the skill for forensic analysis and does not involve network exfiltration.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted log data. Malicious system activity could generate log entries containing instructions that influence an AI analyzing the results.
  * Ingestion points: Reading from /var/log/audit/audit.log in scripts/agent.py.
  * Boundary markers: None. The parsed data is not isolated with protective delimiters.
  * Capability inventory: Execution of the ausearch command.
  * Sanitization: The script does not filter log content for natural language instructions.
Audit Metadata