
ctf-malware

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform dynamic analysis by executing suspicious binaries directly (e.g., ./suspicious) and using monitoring tools like strace or ltrace. Executing untrusted code poses a significant risk of host environment compromise.
  • [COMMAND_EXECUTION]: The skill utilizes sudo tcpdump for network traffic analysis. The use of elevated privileges for running complex analysis tools increases the attack surface for privilege escalation.
  • [EXTERNAL_DOWNLOADS]: The skill installs numerous third-party security libraries and tools via pip, apt, and brew. It also directs the user to download and use specialized tools from GitHub repositories, such as dnSpy and PyArmor-Unpacker, which introduces supply chain risks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted external data, such as malware samples, PCAP files, and memory dumps, which may contain adversarial instructions targeting the agent.
  • Ingestion points: Processes potentially malicious files including malware.exe, suspicious_file, capture.pcap, and memory.dmp across all documentation files.
  • Boundary markers: Absent. There are no instructions to the agent to treat the content of analyzed files as untrusted or to use delimiters to prevent command execution from data.
  • Capability inventory: The agent is granted extensive capabilities including file system modification, network access, and the ability to execute arbitrary bash and Python code.
  • Sanitization: No sanitization or escaping of the content extracted from analyzed files is performed before it is processed or displayed in the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 5, 2026, 02:13 PM