skills/mukul975/anthropic-cybersecurity-skills/performing-static-malware-analysis-with-pe-studio/Gen Agent Trust Hub
performing-static-malware-analysis-with-pe-studio
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements legitimate static malware analysis workflows using industry-standard libraries and provides guidelines for safe execution within isolated environments.
- [EXTERNAL_DOWNLOADS]: References the 'pefile' Python library and the VirusTotal API. Both are well-known and established resources in the cybersecurity community for binary analysis and threat intelligence.
- [COMMAND_EXECUTION]: Includes standard shell commands for file hashing (md5sum, sha256sum) and string extraction (strings, grep). These are routine utilities for malware triage and do not represent a security risk when used as documented.
- [PROMPT_INJECTION]: The skill processes untrusted binary data, which creates a potential surface for indirect prompt injection if an attacker-controlled string is interpreted by the agent as an instruction.
  - Ingestion points: Untrusted data is ingested through the parsing of user-provided PE files in scripts/agent.py.
  - Boundary markers: Absent; the skill does not use delimiters or specific warnings to isolate extracted strings from the agent's core instructions.
  - Capability inventory: The agent.py script possesses file system write capabilities to extract embedded resources.
  - Sanitization: None; raw binary data and strings are extracted and printed to the output without sanitization or escaping.
Audit Metadata