binary-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill is designed to ingest and process untrusted binary files using tools like
strings,nm, andobjdump. An attacker can craft a malicious binary with embedded instructions in symbol names, strings, or headers. Since the agent uses the output of these tools to guide its next steps and possesses powerful capabilities likeBashandWrite, it could be tricked into performing harmful actions on the host system. - Ingestion points: Binary files (
<binary>) provided as input to analysis tools. - Boundary markers: None present; tool output is processed directly by the agent.
- Capability inventory:
Bashtool (arbitrary command execution),Writetool (filesystem modification), and Python execution. - Sanitization: None; the skill lacks filtering or validation for tool output before it reaches the LLM context.
- [COMMAND_EXECUTION] (HIGH): The skill provides the agent with the ability to execute arbitrary bash commands and Python scripts. While intended for legitimate binary analysis (e.g.,
checksec,pwntools), this level of access is dangerous if the agent's logic is compromised by malicious input. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill relies on numerous specialized third-party tools such as
pwntools,cwe_checker,ROPgadget,one_gadget,qira, andTriton. If these are not pre-installed from trusted sources, they represent a significant supply-chain risk and a vector for remote code execution during the environment setup phase.
Recommendations
- AI detected serious security threats
Audit Metadata