ctf-forensics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The file network.md contains a curl command to macvendors.com. While this is an external network request to a non-whitelisted domain, its purpose is for MAC OUI lookups and does not involve the exfiltration of sensitive local system files.
- [EXTERNAL_DOWNLOADS] (LOW): The file 3d-printing.md references the installation of the heatshrink2 Python package. This is a legitimate dependency for decompressing PrusaSlicer binary G-code, but it constitutes an external dependency mention.
- [COMMAND_EXECUTION] (LOW): The skill provides numerous shell commands for tshark, grep, and awk. These are intended for forensic analysis of network traffic and G-code files and are consistent with the skill's primary purpose.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a vulnerability surface for indirect prompt injection.
  - Ingestion points: 3d-printing.md parses binary G-code files (.g); network.md processes network capture files (.pcap) via tshark.
  - Boundary markers: Absent. The scripts do not use delimiters or warnings when processing data from these files.
  - Capability inventory: File reading, shell command execution, and network lookups.
  - Sanitization: Absent. Data extracted from forensic samples is processed without escaping or validation, which could allow an attacker to embed instructions in a malicious .g or .pcap file.
Audit Metadata