The Agent Skills Directory

[SAFE]: No malicious patterns or behaviors were detected during the analysis of the skill's code and documentation.
[COMMAND_EXECUTION]: The skill includes a Python script that utilizes subprocess.run to call the autorunsc64.exe binary. This command execution is required for the skill's primary function of scanning Windows systems for persistence mechanisms.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted external data from CSV reports.
Ingestion points: The scripts scripts/agent.py and the code block in SKILL.md ingest data from CSV files.
Boundary markers: Not present; the scripts read CSV columns directly as strings.
Capability inventory: Local file reading and command execution via subprocess.run in SKILL.md.
Sanitization: The data is parsed using standard libraries, but the content itself is not sanitized for potential injection strings targeting downstream LLM processing.

analyzing-malware-persistence-with-autoruns