memory-forensics
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Provides commands for memory acquisition and analysis, including the use of
sudoon Linux and macOS to access kernel memory devices (/dev/mem) and load extraction modules (LiME). - [EXTERNAL_DOWNLOADS]: Recommends installing the Volatility 3 framework via pip and fetching official symbol tables from the Volatility Foundation's domain.
- [COMMAND_EXECUTION]: Includes instructions for running various forensic utilities such as
strings,grep, andflossto extract and analyze data from memory images. - [INDIRECT_PROMPT_INJECTION]: The skill is designed to process external, untrusted data in the form of memory dumps (
memory.raw). - Ingestion points: Memory dump files processed by Volatility plugins (e.g.,
windows.pslist,linux.bash). - Boundary markers: Absent; forensic data is processed directly as raw binary or text output.
- Capability inventory: Executes shell commands, writes to the local filesystem via redirection, and installs Python packages.
- Sanitization: No sanitization is performed on the contents of the memory dumps being analyzed.
Audit Metadata