malware-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
- Ingestion points: The skill (SKILL.md) ingests untrusted data through malware samples and YARA rules provided via the CLI and API endpoints.
- Boundary markers: The documentation lacks mention of delimiters or instructions to ignore potential commands embedded within analyzed samples.
- Capability inventory: The skill (SKILL.md) performs network operations to vendor and well-known analysis services, reads local files, and executes commands through the CLI.
- Sanitization: There is no evidence of sanitization for the strings or behavioral data extracted from samples before they are processed by the agent.
Audit Metadata