idapython
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill establishes an attack surface for Indirect Prompt Injection. It documents functions to ingest untrusted data from binary files (e.g., strings and names) while providing high-privilege execution capabilities. Malicious binaries can contain crafted data that, when interpreted by the agent, overrides its instructions.
  - Ingestion points: idautils.Strings() (docs/idautils.md), ida_name.get_name() (docs/ida_name.md), ida_bytes.get_bytes() (docs/ida_bytes.md).
  - Boundary markers: None.
  - Capability inventory: ida_dbg.start_process(), ida_expr.exec_idc_script(), ida_bytes.patch_bytes(), ida_loader.load_plugin().
  - Sanitization: None.
- [COMMAND_EXECUTION] (HIGH): The ida_dbg module (docs/ida_dbg.md) exposes functions to start and attach to processes (start_process, attach_process), enabling the agent to execute arbitrary code on the host system via the debugger.
- [REMOTE_CODE_EXECUTION] (HIGH): The ida_expr module (docs/ida_expr.md) allows the agent to compile and execute IDC scripts (exec_idc_script, compile_idc_text), which facilitates dynamic code execution that could be exploited if the agent processes untrusted inputs.
Recommendations
- AI detected serious security threats
Audit Metadata