skills/mukul975/anthropic-cybersecurity-skills/performing-ransomware-incident-response/Gen Agent Trust Hub
performing-ransomware-incident-response
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes high-privilege system commands to perform incident response tasks, including network isolation via `iptables`, management of Windows Volume Shadow Copies using `vssadmin`, and modification of system registries using `reg`. These capabilities are necessary and appropriate for the skill's primary purpose in cybersecurity operations.
- [EXTERNAL_DOWNLOADS]: The automation scripts and markdown workflows reference and interact with well-known security services such as CrowdStrike's API for endpoint containment and MalwareHunterTeam's ID Ransomware for variant identification. These interactions are directed towards reputable industry domains.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading and displaying content from ransom notes located on the local file system. If an AI agent processes the resulting JSON reports, it could inadvertently execute instructions embedded within the malicious ransom note.
- Ingestion points: File reading operations in `scripts/agent.py` and `scripts/process.py` which capture the contents of ransom note files.
- Boundary markers: The skill does not implement delimiters or specific instructions to the agent to ignore instructions found within the scanned data.
- Capability inventory: The skill has access to sensitive operations including file deletion, network rule modification, and service management.
- Sanitization: There is no evidence of sanitization or filtering applied to the text extracted from the ransom notes before it is included in the output report.
Audit Metadata