yara-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates the use of the
yr(YARA-X) command-line toolchain through theBashtool to perform rule syntax checks (yr check), atom analysis (yr debug atoms), and formatting (yr fmt). These operations are essential for the primary function of the skill and are documented according to best practices. - [EXTERNAL_DOWNLOADS]: The skill references the Trail of Bits official GitHub repository for source material and methodology. This is a well-known and trusted source in the security community.
- [PROMPT_INJECTION]: The skill processes external inputs such as malware samples, hashes, and descriptions to generate detection rules. While this introduces a potential surface for indirect prompt injection, it is the fundamental purpose of the skill.
- Ingestion points: Input arguments including
<sample-path|hash|description>and processed malware content. - Boundary markers: No explicit delimiters or instruction-ignore markers are specified in the provided files.
- Capability inventory: The skill possesses the
Read,Write,Bash,Glob, andGrepcapabilities, used for analyzing files and running theyrtoolchain. - Sanitization: No specific sanitization or input validation logic is present in the static scripts provided.
Audit Metadata