detecting-process-injection-techniques

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py and the instructions in SKILL.md use the subprocess module to execute external forensic utilities and system commands. This includes running vol3 (Volatility 3) for memory analysis, powershell.exe for process enumeration, and wevtutil.exe for querying Windows Event Logs.
    • Evidence in scripts/agent.py: subprocess.run(["vol3", "-f", memory_dump, "windows.malfind"], ...)
    • Evidence in scripts/agent.py: subprocess.run(["powershell", "-Command", ps_cmd], ...)
  • [EXTERNAL_DOWNLOADS]: The skill documentation and scripts reference several third-party Python libraries and external tools needed for malware forensics, such as pefile, capstone, python-evtx, and Volatility 3. These are standard tools within the cybersecurity domain.
    • Evidence: import pefile and from capstone import Cs in SKILL.md analysis snippets.
    • Evidence: import Evtx.Evtx as evtx in scripts/agent.py for parsing Sysmon logs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:46 PM