deobfuscating-powershell-obfuscated-malware

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The iex_replacement_deobfuscate function in SKILL.md utilizes subprocess.run to execute PowerShell scripts generated from untrusted malware samples. This command includes the -ExecutionPolicy Bypass flag, which disables security restrictions on script execution.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic execution of untrusted content by writing malware-derived scripts to temporary files and executing them via the PowerShell interpreter. Although the logic attempts to replace Invoke-Expression with Write-Output, this sanitization is incomplete. PowerShell supports numerous other execution methods (e.g., call operator &, dot-sourcing ., Invoke-Command) that can trigger the execution of malicious payloads during the analysis process.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted data from malware samples, creating a vulnerability where malicious instructions within the sample could influence the agent's analysis or behavior.
      • Ingestion points: Malware scripts are ingested via command-line arguments in scripts/agent.py and scripts/process.py.
      • Boundary markers: Absent; the skill does not use delimiters or warnings to isolate untrusted content from its instructions.
      • Capability inventory: The skill possesses capabilities for subprocess execution, file system interaction, and network indicator extraction.
      • Sanitization: No validation or sanitization is applied to the malware content before it is processed or executed.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 7, 2026, 06:47 PM