Skills
skills/lv416e/dotfiles/dwarf-expert/Gen Agent Trust Hub

dwarf-expert

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute standard diagnostic commands such as llvm-dwarfdump, readelf, and grep to extract and filter debug information from binary files.
  • [EXTERNAL_DOWNLOADS]: References authoritative documentation and source code from trusted locations including the official DWARF standard website (dwarfstd.org) and well-known GitHub repositories for projects like LLVM, libdwarf, and pyelftools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted binary data that could contain maliciously crafted DWARF metadata designed to influence agent behavior.
  • Ingestion points: The skill reads and parses user-provided binary files via tools like dwarfdump and readelf (documented in SKILL.md and reference/dwarfdump.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands in the parsed output are provided.
  • Capability inventory: The skill has access to Bash (for command execution) and WebSearch, which could be exploited if the agent obeys instructions found within debug metadata.
  • Sanitization: There is no evidence of sanitization or validation of the DWARF content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 10:35 PM