skills/mukul975/anthropic-cybersecurity-skills/conducting-memory-forensics-with-volatility/Gen Agent Trust Hub
conducting-memory-forensics-with-volatility
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides standard operating procedures for memory acquisition and analysis using established forensic tools. The instructions in `SKILL.md` are aligned with digital forensics and incident response (DFIR) best practices.
- [COMMAND_EXECUTION]: The `scripts/agent.py` file uses the `subprocess` module in the `run_volatility` function (line 15) to execute Volatility 3 plugins (`vol -f <memory_file> <plugin>`). This is the core functionality intended for automating the analysis of memory dumps.
- [PROMPT_INJECTION]: The `scripts/agent.py` script possesses an indirect prompt injection surface as it processes output from external forensic tools that parse untrusted memory dumps.
  1. Ingestion points: `run_volatility` (line 30) reads `stdout`.
  2. Boundary markers: Absent.
  3. Capability inventory: Command execution via `subprocess.run` (line 15).
  4. Sanitization: Absent; the script performs simple string splitting on the results.
Audit Metadata