The Agent Skills Directory

[COMMAND_EXECUTION]: The Python scripts scripts/agent.py and scripts/process.py utilize the subprocess module to execute high-privilege commands including taskkill, reg delete, schtasks, and sc stop/delete to eradicate malware artifacts.
[EXTERNAL_DOWNLOADS]: The skill integrates with the CrowdStrike Falcon API (api.crowdstrike.com) for post-eradication scanning and references standard tools such as YARA, ClamAV, and Sysinternals Autoruns.
[DATA_EXFILTRATION]: The skill accesses sensitive system files and configuration data, including ~/.ssh/authorized_keys, crontabs, and Windows Registry run keys, to identify unauthorized entries.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the filesystem and registry. Evidence chain: (1) Ingestion points: scripts/process.py reads registry keys and shell profiles; (2) Boundary markers: None present; (3) Capability inventory: Process termination and file deletion via subprocess; (4) Sanitization: None identified for external content interpolation into reports.

eradicating-malware-from-infected-systems