CTF Misc Solver

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The documentation in 'docs/TOOLS.md' directs users to download and execute binaries from untrusted sources. This includes an unencrypted HTTP link for 'Stegsolve.jar' (http://www.caesum.com/handbook/Stegsolve.jar), which is vulnerable to man-in-the-middle (MITM) attacks. It also uses git clones and manual setup scripts for tools from GitHub organizations not listed as trusted, such as 'volatilityfoundation' and 'ReFirmLabs'.
  • Privilege Escalation (HIGH): Installation instructions in 'docs/TOOLS.md' frequently require 'sudo' for package management, script execution (e.g., 'python3 setup.py install'), and moving binaries to system paths, which could lead to full system compromise if the source is malicious.
  • Indirect Prompt Injection (HIGH): The skill is designed to process untrusted forensic data, creating a critical vulnerability surface.
      • Ingestion points: Memory images (RAW/VMEM/DMP), network traffic captures (PCAP), and images (PNG/JPG) as described in 'modules/memory.md' and 'modules/network.md'.
      • Boundary markers: No delimiters or safety instructions are present to prevent embedded commands in data from influencing agent behavior.
      • Capability inventory: The skill possesses high-privilege capabilities including arbitrary command execution via tool wrappers (Volatility, tshark, binwalk), filesystem write access ('dumpfiles'), and network analysis.
      • Sanitization: There is no evidence of sanitization for file metadata or binary content before it is processed by system tools.
  • Data Exposure & Exfiltration (MEDIUM): The 'modules/memory.md' module automates the extraction of sensitive data such as password hashes ('hashdump'), clipboard contents, and browser history. While intended for forensic analysis, these automated capabilities could be exploited to exfiltrate host data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:10 AM