skills/mukul975/anthropic-cybersecurity-skills/analyzing-windows-shellbag-artifacts/Gen Agent Trust Hub
analyzing-windows-shellbag-artifacts
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard digital forensics procedures for interpreting Windows Shellbag registry keys. The provided Python scripts perform local binary parsing and data transformation without suspicious network activity.
- [EXTERNAL_DOWNLOADS]: References to external tools (SBECmd, ShellBags Explorer) and libraries (regipy) target reputable community sources and official repositories. These are documented neutrally without alarming language.
- [PROMPT_INJECTION]: Indirect prompt injection surface detected. The skill processes external registry hives and CSV files without explicit boundary markers. This is a low-risk inherent characteristic of forensic data processing tools. Evidence:
  1. Ingestion: agent.py (target hive path), process.py (CSV input).
  2. Boundary markers: Absent.
  3. Capabilities: File read/write.
  4. Sanitization: ASCII decoding with error replacement in agent.py.