foremost
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the `foremost` binary directly and calls several local wrapper scripts (e.g., `scripts/foremost/recover-deleted-files.sh`) to perform file carving operations.
- [DATA_EXFILTRATION]: The skill instructions include commands that access raw block devices, such as `/dev/sda1`. Accessing raw partitions allows the reading of all data on a disk, including sensitive system files and deleted data, which constitutes a high-privilege data exposure risk.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by processing untrusted external data (disk images and forensic artifacts).
  - Ingestion points: Raw disk images (`.dd`), EnCase images (`.E01`), and physical partitions (`/dev/sda1`) are processed by the tool.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded malicious content within the files being carved.
  - Capability inventory: The skill has the capability to execute shell scripts and binary tools that interact with the filesystem.
  - Sanitization: There is no evidence of sanitization or validation of the recovered file contents or the `audit.txt` logs generated by the tool before they are potentially analyzed by the agent.