headless-ghidra-discovery
Installation
SKILL.md
Headless Ghidra Metadata Enrichment — P3
P3 enriches function metadata from third-party evidence and the P1 runtime
hotpath call-chain. Analysis work may be parallelized while producing YAML, but
all writes back to the Ghidra project must go through serialized
ghidra-agent-cli ghidra ... commands.
Required ghidra-agent-cli Commands
ghidra-agent-cli workspace state showghidra-agent-cli functions listghidra-agent-cli callgraph callersghidra-agent-cli callgraph calleesghidra-agent-cli metadata enrich-functionghidra-agent-cli metadata validateghidra-agent-cli hotpath validateghidra-agent-cli ghidra apply-renamesghidra-agent-cli ghidra verify-renamesghidra-agent-cli ghidra apply-signaturesghidra-agent-cli ghidra verify-signaturesghidra-agent-cli gate check --phase P3
Inputs
artifacts/<target-id>/pipeline-state.yamlartifacts/<target-id>/runtime/hotpaths/call-chain.yamlartifacts/<target-id>/third-party/identified.yamlartifacts/<target-id>/baseline/functions.yamlartifacts/<target-id>/baseline/callgraph.yamlartifacts/<target-id>/baseline/types.yaml
Outputs
artifacts/<target-id>/metadata/renames.yamlartifacts/<target-id>/metadata/signatures.yamlartifacts/<target-id>/metadata/types.yamlartifacts/<target-id>/metadata/constants.yamlartifacts/<target-id>/metadata/strings.yamlartifacts/<target-id>/metadata/apply-records/
Exit Expectations
- Every function in
runtime/hotpaths/call-chain.yamlhas an explicit recovered name and signature before P4 starts. - Metadata enrichment YAML is applied to the Ghidra project only through CLI commands under the CLI lock.
- The enrichment is reproducible from recorded baseline, runtime, and third-party evidence.
Constraints
- Do not decompile anything in this phase.
- Do not rewrite historical per-function outputs.
- Do not bypass
ghidra-agent-clifor supported state, baseline, callgraph, metadata, Ghidra apply, or gate operations. - Do not create or run a new Ghidra script if the CLI lacks a capability; pause and ask the user first.
Next Step
- P3 gate passes →
headless-ghidra-batch-decompile
Related skills
More from bytelandtechnology/headless-ghidra
headless-ghidra-intake
P0 phase skill for Headless Ghidra intake. Use when a target binary/archive needs identity confirmation, workspace initialization, Ghidra discovery, binary inspection, or analysis scope setup before any Ghidra analysis runs.
35headless-ghidra-evidence
P2 phase skill for Headless Ghidra third-party evidence. Use after P1 to review baseline/runtime artifacts, identify or rule out third-party code, record pristine sources, classify functions, and capture evidence before metadata recovery.
35