performing-ransomware-response
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or unauthorized data exfiltration behaviors were detected.
- [DATA_EXFILTRATION]: The skill safely handles incident data by reading local ransom notes and generating reports locally. It does not contain hardcoded credentials or transmit sensitive data to unauthorized external endpoints.
- [COMMAND_EXECUTION]: The provided documentation includes administrative commands for incident containment (e.g., blocking SMB/RDP via netsh). These are provided for reference and are not executed by the automation script.
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted cybersecurity resources such as NoMoreRansom.org and CISA.gov for guidance and decryption tools.
- [PROMPT_INJECTION]: Although the script processes untrusted ransom note text, it uses static keyword matching rather than an LLM, preventing potential indirect prompt injection attacks.
Audit Metadata