The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/agent.py script utilizes subprocess.check_output to execute powershell.exe for querying Windows Event Logs (specifically Event ID 4104). While the command is constructed using a fixed string and passed as a list of arguments to prevent standard shell injection, it represents an active command execution capability within the skill.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by ingesting and processing untrusted PowerShell logs and script files. It extracts previews and decodes Base64 payloads into analysis reports without sanitization or boundary markers. This could allow an attacker to embed malicious instructions in system logs that influence the AI agent when it processes the resulting hunt reports.
Ingestion points: scripts/agent.py reads Windows Event Logs and local PowerShell files; scripts/process.py parses JSON and CSV log data.
Boundary markers: No delimiters or safety warnings are present in the output files (findings.json or hunt_report.md) to distinguish untrusted data from the script's own analysis.
Capability inventory: The skill possesses capabilities for file system read/write access and local command execution via PowerShell.
Sanitization: The skill does not perform any sanitization, filtering, or escaping on the content extracted from logs before including it in the final reports provided to the agent.

detecting-suspicious-powershell-execution