The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/agent.py file uses the subprocess module to execute the Ghidra analyzeHeadless utility to automate disassembly and decompilation tasks.
[COMMAND_EXECUTION]: The agent dynamically generates a Python script (export_functions.py) which is then executed within the Ghidra environment to automate data extraction.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted malware binaries that may contain malicious instructions in their strings or metadata. Ingestion points: Malware binaries are analyzed via r2pipe and Ghidra in scripts/agent.py. Boundary markers: No explicit markers or instructions to ignore embedded content are provided in the workflow. Capability inventory: The agent can execute shell commands via subprocess.run and write files to the disk. Sanitization: The skill does not sanitize strings or metadata extracted from binary files before reporting them.
[EXTERNAL_DOWNLOADS]: The documentation references downloading Ghidra from its official website (ghidra-sre.org), which is a well-known service for security analysis tools.

reverse-engineering-malware-with-ghidra