The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The file resources/scripts/radare2-triage.py contains a vulnerability in the disassemble_function method (line 117). It uses an f-string to interpolate the func_name variable directly into a radare2 command string: self.r2.cmd(f'pdf @ {func_name}'). Since radare2 commands can execute shell commands (e.g., via the ! prefix), a maliciously crafted function name provided via the --functions argument could lead to arbitrary OS command execution. This is downgraded from HIGH because it is a specialized tool intended for binary analysis.\n- [PROMPT_INJECTION] (LOW): The skill performs indirect prompt injection (Category 8) by design. Both ioc-extractor.js and radare2-triage.py ingest untrusted data from binary files (IOCs, strings, and metadata) and output them into reports. If an AI agent later consumes these reports, instructions embedded within the binary could influence the agent's behavior. Evidence: Ingestion in ioc-extractor.js (line 72) and radare2-triage.py (line 123); No boundary markers or sanitization are implemented for the extracted text content.\n- [EXTERNAL_DOWNLOADS] (LOW): The scripts reference several external dependencies including yargs, chalk, axios, validator (Node.js) and r2pipe (Python). While these are standard libraries, they represent a dependency on external package registries for the skill to be fully functional.

reverse-engineering-quick-triage