rev-idapython

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: In the 'Multiprocess Batch Decompile' section of SKILL.md, the Python script uses os.system() with unsanitized file paths derived from a directory listing. This pattern is vulnerable to command injection if filenames contain shell metacharacters.
  • [REMOTE_CODE_EXECUTION]: The skill provides examples of using Appcall to execute arbitrary functions in a debuggee process, including loading external libraries via kernel32_LoadLibraryA. If such calls are generated or executed based on untrusted input, this capability can be exploited to execute unauthorized code in the context of the debugging session.
  • [COMMAND_EXECUTION]: The installation section for IDALib includes instructions to execute local scripts and install local packages. While these are common setup steps for IDA Pro 9.0+, they involve executing code outside the skill's direct content, and that code should be carefully verified in the user's environment.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 13, 2026, 07:51 AM