The Agent Skills Directory

[PROMPT_INJECTION]: The skill identifies and processes untrusted ransom note content, which is a potential vector for indirect instructions.
Ingestion points: The scripts/agent.py script reads ransom note files from a user-provided path.
Boundary markers: Content is read directly without delimiters or guardrail instructions.
Capability inventory: The script's operations are limited to local file system reads, JSON report generation, and console logging.
Sanitization: No sanitization is performed on the note text before inclusion in the final report.
[DATA_EXFILTRATION]: The procedure recommends transferring ransom note snippets and file samples to external services like ID Ransomware for identification. This is a standard security practice involving the intentional transfer of local artifact data to a well-known domain.
[COMMAND_EXECUTION]: The documentation includes standard administrative commands for firewall configuration and Active Directory management, which are required for incident containment but necessitate elevated system privileges.

performing-ransomware-response