ghidra
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The wrapper script 'ghidra-analyze.sh' executes the Ghidra 'analyzeHeadless' utility using bash arrays. This method prevents shell command injection by treating arguments as literal strings rather than executable shell code.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified (Category 8). The skill is designed to import, analyze, and decompile untrusted binaries, with the resulting text being returned to the agent. An attacker could craft a binary containing malicious instructions within its strings or metadata intended to manipulate the agent's logic during subsequent processing.
- Evidence Chain for Category 8: 1. Ingestion points: Binary files specified as arguments to the 'ghidra-analyze.sh' script. 2. Boundary markers: Absent; the analysis output (decompiled code, function lists, etc.) is read and processed by the agent without clear delimiters or 'ignore' instructions. 3. Capability inventory: Execution of the Ghidra analyzer, local file system reads/writes for analysis artifacts, and path discovery via 'find'. 4. Sanitization: No evidence of output filtering, sanitization, or escaping is present in the skill's scripts before output is returned to the agent.
Audit Metadata