skills/mukul975/anthropic-cybersecurity-skills/hunting-for-registry-persistence-mechanisms/Gen Agent Trust Hub
hunting-for-registry-persistence-mechanisms
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/agent.py utilizes subprocess.run to execute the Windows reg query command. This is used to enumerate registry entries associated with persistence. The execution is constrained to a predefined list of registry keys, minimizing the risk of arbitrary command injection.
- [SAFE]: The skill operates entirely within the local environment, reading system configuration and log files to identify potential threats. No network connections or exfiltration attempts were observed.
- [SAFE]: All scripts use standard Python library modules and do not include any obfuscated code, hidden instructions, or attempts to bypass security controls.
- [SAFE]: The processing of external log data in scripts/process.py is performed using standard parsing and regex matching techniques, intended for forensic analysis without posing a risk of indirect prompt injection or code execution from the input data.
Audit Metadata