binary-archaeologist
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts raw ASCII strings from untrusted binary files and includes them in its output reports without sanitization. An attacker could embed malicious instructions in a binary designed to hijack the behavior of an agent processing the skill's findings.\n
- Ingestion points: The
analyzeBinaryFilefunction insrc/lib.tsreads data from files at paths specified by the user via the--inputargument.\n - Boundary markers: There are no protective delimiters or instructions included in the output report to prevent an agent from inadvertently following instructions found within the extracted strings.\n
- Capability inventory: The skill utilizes filesystem read/write operations through Node.js built-ins and internal
@agent/coreutilities to perform analysis and save forensic reports.\n - Sanitization: The code extracts all printable sequences of 4 or more characters without any filtering, validation, or escaping of potentially harmful instruction patterns.
Audit Metadata