The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/agent.py utilizes the subprocess module to execute local system commands for forensic collection. It invokes wevtutil to retrieve Sysmon Event IDs 19, 20, and 21 from the Windows event logs and uses powershell to enumerate WMI objects from the root\subscription namespace. These commands are executed using list-based arguments without shell=True, which is a safe practice to prevent command injection. These operations are essential to the tool's function as a threat-hunting utility.
[PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection due to the way it processes external telemetry data in scripts/agent.py.
Ingestion points: The agent parses XML data from Sysmon events and query results from the WMI service. Both sources can contain strings controlled by an adversary, such as malicious WMI filter names, WQL queries, or the content of CommandLineEventConsumer payloads.
Boundary markers: The gathered data is structured into a JSON-formatted report, which serves as a delimiter between raw data and instructions when reviewed by an agent.
Capability inventory: The agent script possesses the capability to execute system binaries via subprocess.run for its data gathering functions.
Sanitization: The script does not perform explicit sanitization or escaping of the ingested string content before including it in the output JSON. While standard for forensic tools, this presents an indirect injection surface if a downstream AI agent processes the resulting report as trusted instruction or without sufficient input validation.

detecting-wmi-persistence