The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py utilize the subprocess module to execute external forensic binaries (e.g., MFTECmd.exe, PECmd.exe). These calls use list-based arguments and default to shell=False, which prevents shell injection while allowing the skill to perform its intended automation tasks.
[EXTERNAL_DOWNLOADS]: The documentation in SKILL.md provides instructions for downloading and updating forensic tools from official and well-known sources, including Kroll and Eric Zimmerman's GitHub. These are standard repositories for the digital forensics and incident response (DFIR) community.
[DATA_EXPOSURE]: The skill is designed to access sensitive Windows forensic artifacts such as registry hives ($SYSTEM, $SAM), event logs, and the $MFT. This access is necessary for the skill's primary purpose of forensic analysis and occurs locally without unauthorized network transmission.
[INDIRECT_PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it ingests untrusted data from the system being analyzed (e.g., file names, registry values, and event log entries) and includes them in human-readable reports.
Ingestion points: Forensic artifacts are read and parsed from the local filesystem in scripts/agent.py and scripts/process.py.
Boundary markers: Not present; artifact data is directly interpolated into CSV and JSON outputs.
Capability inventory: The skill has the ability to execute shell commands (via subprocess) and perform filesystem operations.
Sanitization: The scripts do not perform sanitization of artifact content before reporting, which is typical for forensic tools but creates a potential path for malicious content in an artifact to influence an LLM processing the resulting report.

performing-windows-artifact-analysis-with-eric-zimmerman-tools