hunting-for-webshell-activity
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns detected. The instructions are professional and focused on the stated threat-hunting purpose.
- [DATA_EXFILTRATION]: No unauthorized network operations or data exfiltration attempts found. The Python scripts only perform local file I/O for log analysis and report generation.
- [REMOTE_CODE_EXECUTION]: Python scripts use standard libraries (json, argparse, re, datetime) and perform local file operations as described. No remote script execution or unverifiable dependencies were identified.
- [COMMAND_EXECUTION]: No suspicious command execution or privilege escalation commands (like sudo or chmod) were found. The skill does not use subprocesses to run external binaries.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or secrets were detected in the scripts or documentation.
- [SAFE]: No obfuscated code or hidden instructions were identified. All external references are to well-known security frameworks and repositories (MITRE, Sigma, LOLBAS).