analyzing-uefi-bootkit-persistence

Pass

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script uses the subprocess.run function to programmatically execute chipsec modules for platform security assessments. The command is passed as an argument list rather than a shell string, so no shell is invoked and shell injection is not possible.
  • [COMMAND_EXECUTION]: The SKILL.md file contains numerous shell command examples for performing low-level system forensic tasks, such as dumping BIOS regions with flashrom, mounting system partitions, and checking Secure Boot status via CLI utilities.
  • [SAFE]: The skill operates entirely on local firmware and filesystem data for the purpose of identifying known malware families (e.g., BlackLotus, LoJax). It does not include network operations, hardcoded credentials, or any attempts at persistence or self-obfuscation.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 11, 2026, 05:26 PM