The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted external data (Windows LNK and Jump List files) which constitutes an indirect prompt injection surface.
Ingestion points: scripts/agent.py and scripts/process.py read binary data from file paths provided by the user, including system directories like %APPDATA%\Microsoft\Windows\Recent\.
Boundary markers: No explicit boundary markers or instructions to ignore embedded content are used during parsing as the tool performs binary structure analysis.
Capability inventory: The scripts perform file reads (open, rb), directory traversal (os.walk, glob), and JSON/CSV generation. They do not execute the content of the parsed LNK files; they only flag suspicious patterns.
Sanitization: The tool uses the struct module for fixed-length binary unpacking and regex for pattern matching. While it doesn't sanitize the output for display, it does not use the parsed data in sensitive operations like eval() or network requests.
[DATA_EXPOSURE]: The skill targets forensic artifact locations that contain user activity history, such as the 'Recent' items and 'Jump Lists' folders. While these contain sensitive metadata about user behavior, the skill's purpose is forensic analysis, and there is no evidence of data being transmitted to external servers.
[EXTERNAL_DOWNLOADS]: The skill documentation and api-reference.md refer to Eric Zimmerman's EZ Tools (LECmd, JLECmd) and the LnkParse3 Python library. These are well-established, industry-standard tools in the digital forensics community. The skill does not attempt to download these automatically.

analyzing-lnk-file-and-jump-list-artifacts