performing-steganography-detection

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The workflow in SKILL.md includes commands requiring administrative privileges, specifically sudo apt-get install steghide stegsnow, which allows the agent to modify system-level configurations. Furthermore, the scripts/agent.py script executes various external binary tools such as binwalk, zsteg, and steghide using the subprocess.run method.
  • [EXTERNAL_DOWNLOADS]: The skill requires the retrieval and installation of multiple external packages and forensic tools from repositories using apt, pip, and gem (e.g., stegoveritas, zsteg, steghide) as part of its setup and analysis processes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its handling of untrusted media files:
      • Ingestion points: The agent ingests data from external media files (images, audio, etc.) provided during the analysis workflow.
      • Boundary markers: The instructions lack delimiters or safety guardrails to ensure that content hidden within media files is not interpreted as instructions by the agent.
      • Capability inventory: The skill has powerful capabilities, including the ability to execute system commands via subprocess.run and write data to the filesystem, which could be exploited if malicious commands are hidden in processed files.
      • Sanitization: There is no logic present to sanitize or validate extracted data or file content before it is processed or incorporated into reports.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 15, 2026, 01:52 PM