skills/mukul975/anthropic-cybersecurity-skills/performing-cloud-native-forensics-with-falco/Gen Agent Trust Hub
performing-cloud-native-forensics-with-falco
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The
parse_falco_alertsfunction inscripts/agent.pyprocesses container runtime alerts from external log files. This creates an indirect prompt injection surface where malicious data within the logs could potentially influence the agent's summary or analysis. 1. Ingestion points:parse_falco_alertsinscripts/agent.py. 2. Boundary markers: Absent. 3. Capability inventory: No dangerous capabilities (like shell execution or remote sends) are performed on the ingested data. 4. Sanitization: Absent. - [DATA_EXFILTRATION]: The skill documents monitoring rules for sensitive system paths such as
/etc/shadowand/etc/passwd. While these are referenced in the context of security detection, the agent script itself does not attempt to access or exfiltrate these files. Additionally, the script interacts with a local Falco API endpoint athttp://localhost:8765for status checks.
Audit Metadata