ida-domain-scripting

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill generates Python code based on user requests and executes it using uv run python. This mechanism for dynamic script execution is a core feature but constitutes a significant security risk if the generated code is malicious.
  • [COMMAND_EXECUTION]: The run.py and setup.py scripts make use of subprocess.run to execute system commands, including the generated analysis scripts, git commands for cloning, and environment setup utilities.
  • [EXTERNAL_DOWNLOADS]: The setup.py script downloads the ida-domain library from the vendor's GitHub repository and suggests the official installation method for the uv tool from astral.sh.
  • [PROMPT_INJECTION]: The skill analyzes external binary files, exposing it to indirect prompt injection.
    1. Ingestion points: strings and pseudocode extracted from binaries via db.strings and db.functions.
    2. Boundary markers: no delimiters wrap data from the analyzed binary to prevent it from being interpreted as instructions.
    3. Capability inventory: full access to execute shell commands and write to the file system through generated scripts.
    4. Sanitization: no validation or filtering is performed on data retrieved from the target binary before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 4, 2026, 11:37 AM