skills/mukul975/anthropic-cybersecurity-skills/analyzing-powershell-empire-artifacts/Gen Agent Trust Hub
analyzing-powershell-empire-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python script 'scripts/agent.py' executes the 'wevtutil' binary via the 'subprocess.run' module to retrieve script block and module logging events. This execution is necessary for the skill's analysis and is implemented safely using argument lists and numeric validation of parameters.
- [PROMPT_INJECTION]: The skill ingests potentially untrusted data from Windows Event Logs and local files, creating a surface for indirect prompt injection if the logs contain adversarial text intended to influence downstream LLM interpretation.
- Ingestion points: Windows Event Logs (via wevtutil) and PowerShell files processed in 'scripts/agent.py'.
- Boundary markers: Absent. Findings are not wrapped in delimiters.
- Capability inventory: Execution of 'wevtutil' for log retrieval.
- Sanitization: Log content is extracted and decoded without filtering or sanitization before being reported.
Audit Metadata