rev-symbol
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to manually download and install a plugin from the author's GitHub repository (
https://github.com/P4nda0s/IDA-NO-MCP). This repository is a vendor-owned resource used to facilitate the skill's functionality. - [DATA_EXFILTRATION]: The skill suggests using web search tools to look up unique strings, magic numbers, and code patterns identified during binary analysis. This practice can lead to the disclosure of potentially sensitive or proprietary information from the binary to external search engines.
- [PROMPT_INJECTION]: The skill processes untrusted data from decompiled C files and metadata exports, which presents an attack surface for indirect prompt injection.
- Ingestion points: Decompiled files in the
decompile/directory, along withstrings.txt,imports.txt,exports.txt, andmemory/hexdumps. - Boundary markers: No specific delimiters or instructions are provided to the agent to differentiate between analysis data and execution commands.
- Capability inventory: The agent performs file system reads and utilizes web search capabilities based on the ingested data.
- Sanitization: The skill does not implement any validation or sanitization of the content found within the analyzed binary artifacts.
Audit Metadata