analyzing-packed-malware-with-upx-unpacker

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The provided analysis script uses unsafe shell execution patterns when calling the UPX utility.
  • Evidence: In scripts/agent.py, the unpack_upx function uses subprocess.run(cmd, shell=True) where cmd is a formatted string containing the filepath and output_path. These paths are derived from sys.argv[1] without sanitization.
  • Impact: If a user or an automated process provides a filename containing shell metacharacters (e.g., ; rm -rf /), it could lead to arbitrary command execution on the host analysis machine.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted data (malware binaries), which introduces an indirect prompt injection surface.
  • Ingestion points: The scripts/agent.py script and the Python snippets in SKILL.md ingest raw binary data and PE header information from potentially malicious files.
  • Boundary markers: Absent. The skill does not provide instructions to the AI agent to use delimiters or to disregard natural language instructions that might be embedded in the malware's strings or metadata.
  • Capability inventory: The skill utilizes subprocess execution (upx), file reading (pefile, open), and file writing (open("wb")).
  • Sanitization: Absent. The scripts extract and display section names, import names, and entropy values directly from the binary without sanitizing the strings for potential escape sequences or malicious content.
  • [EXTERNAL_DOWNLOADS]: The skill references external tools and software repositories for malware analysis.
  • Evidence: SKILL.md directs users to download UPX from upx.github.io and install packages via apt install upx-ucl.
  • Note: These references target well-known and official technology services and do not involve automated execution of untrusted remote code within the skill itself.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 03:56 PM