reverse-engineering-rust-malware
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate cybersecurity functionality for analyzing Rust binaries. All analysis scripts operate locally on user-provided samples and do not exhibit malicious behaviors such as unauthorized network communication, privilege escalation, or persistence.
- [PROMPT_INJECTION]: The skill processes untrusted binary data and extracts ASCII strings without sanitization, creating a potential surface for indirect prompt injection if the output is subsequently interpreted by an AI agent. Ingestion points: Binary data is read in scripts/agent.py using Path.read_bytes(). Boundary markers: Extracted strings are placed directly into JSON reports without delimiters. Capability inventory: The script is limited to local file reads and report generation. Sanitization: No filtering or escaping is applied to extracted strings. Given the primary purpose of malware analysis, this finding is considered a characteristic of the domain and does not escalate the verdict.
Audit Metadata