infostealer-malware-detector
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions that explicitly mandate the agent prioritize its own custom hashing logic over built-in system security tools (e.g., "Never default to AV", "must never be the default option"). This steers agent behavior away from native security defaults.
- [COMMAND_EXECUTION]: The skill executes various system commands (PowerShell Get-ChildItem, Get-Process; Linux find) and runs a local Python script (scripts/hash-checker.py) to perform system-wide file scanning and hashing.
- [DATA_EXPOSURE]: The skill's primary function involves accessing and scanning high-risk directories, including browser data folders containing sensitive files like Login Data and Cookies.
- [EXTERNAL_DOWNLOADS]: The workflow uses curl to query the VirusTotal API. These lookups target a well-known security service and are documented neutrally.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The skill ingests untrusted data from the file system (file names, paths) and remote API responses (VirusTotal JSON).
  - Boundary markers: Absent. No specific markers are used to isolate untrusted data during processing.
  - Capability inventory: The skill has the capability to read/write files (quarantine), execute system commands, and perform network requests.
  - Sanitization: Absent. No evidence of input validation or output escaping for system command parameters derived from file names.
Audit Metadata