skills/ramzxy/ctf/ctf-malware/Gen Agent Trust Hub

ctf-malware

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill references a third-party GitHub repository (github.com/Svenskithesource/PyArmor-Unpacker) for unpacking protected Python binaries. This source does not belong to the trusted organizations list, making it an unverifiable dependency.
  • REMOTE_CODE_EXECUTION (MEDIUM): Under JavaScript Deobfuscation, the skill explicitly instructs the user/agent to 'run the obfuscated code' after replacing eval. If the agent executes this code in its own environment, it could lead to compromise, especially given that the data being processed is expected to be malicious.
  • COMMAND_EXECUTION (LOW): The skill provides numerous commands for interacting with potentially malicious binaries, archives, and network captures. While standard for malware analysis, these operations involve inherent risks when handling adversarial files.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to ingest and process untrusted data (malware, PCAPs, Debian packages) using high-privilege tools like Bash and WebFetch without explicit sanitization or boundary markers between instructions and data.
      • Ingestion points: malware.exe, file.pcap, package.deb, and obfuscated script contents.
      • Boundary markers: Absent; instructions do not suggest using delimiters to separate malicious content from the prompt context.
      • Capability inventory: Includes Bash (shell execution), WebFetch (network access), and Write (filesystem access).
      • Sanitization: Absent; the skill suggests direct execution/processing of extracted payloads.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:25 PM