reverse-engineering-malware-with-ghidra

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py file uses the subprocess module to execute Ghidra's analyzeHeadless tool and Radare2 via r2pipe. These calls are constructed as argument lists rather than shell strings, which follows security best practices to prevent command injection.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted binary data (Category 8: Indirect Prompt Injection surface).
    • Ingestion points: Malware samples are ingested via the filepath argument in the main analysis function in scripts/agent.py.
    • Boundary markers: The SKILL.md documentation provides clear instructions to use an isolated VM for analysis, establishing a logical safety boundary.
    • Capability inventory: The agent is capable of reading local files, executing analysis sub-processes, and writing output to the /tmp/ directory.
    • Sanitization: Input paths are passed directly to subprocess argument lists, providing inherent protection against common shell-based injection attacks.
  • [COMMAND_EXECUTION]: The script scripts/agent.py dynamically generates a temporary Python script (export_functions.py) which is subsequently executed by the Ghidra engine. This generation uses a hardcoded template and is a standard technique for automating Ghidra's headless analyzer.
  • [SAFE]: The external URLs referenced in SKILL.md point to official project sites like ghidra-sre.org. Examples of malicious URLs in the documentation are properly defanged (e.g., using hxxps and [.]) to prevent accidental execution or navigation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:51 PM