performing-linux-log-forensics-investigation
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive system log files, including /var/log/auth.log, /var/log/syslog, and /var/log/audit/audit.log. While this access is essential for the skill's forensic purpose, it involves reading authentication events and system-level security logs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data extracted from system logs and shell history.
  - Ingestion points: Functions in scripts/agent.py and scripts/process.py extract strings (such as usernames and command lines) from logs that could be influenced by an attacker.
  - Boundary markers: Extracted log data is not wrapped in security delimiters or accompanied by explicit instructions to the AI agent to ignore embedded commands.
  - Capability inventory: The skill includes the ability to read system-wide logs and write reports to the filesystem.
  - Sanitization: Log entries are truncated to 200 characters to prevent excessive output, but no specific sanitization or filtering of LLM-targeted instructions is performed on the extracted strings.