idapython
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides functions
idapython_snippet(code)andidapython_file(path)that directly execute arbitrary Python code within the IDA Pro process context. - Evidence:
SKILL.mddefines SQL functions that map directly to Python execution in the IDA runtime. - [COMMAND_EXECUTION]: By enabling Python execution, the agent can use standard Python libraries (e.g.,
os,subprocess) to execute arbitrary shell commands on the host operating system. - Evidence: Once
PRAGMA idasql.enable_idapython = 1is set, any Python snippet can spawn processes or modify files outside the scope of IDA Pro. - [DATA_EXFILTRATION]: Python execution combined with the
requestslibrary (mentioned in examples) or standard socket libraries allows for the exfiltration of sensitive analysis data, database contents, or local files to remote servers. - Evidence: The example in
SKILL.mddemonstrates usingrequests.postto send data to an external (though local) endpoint. - [DYNAMIC_EXECUTION]: The skill is specifically designed to create and execute code at runtime through SQL query interpolation.
- Evidence: The 'Bridge pattern' example shows Python producing JSON which is then processed by SQL, creating a complex feedback loop where generated data can influence subsequent code execution.
Recommendations
- AI detected serious security threats
Audit Metadata