ctf-reverse
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill establishes an attack surface where an agent processes untrusted binary data. Evidence: 1. Ingestion points: Binaries, APKs, and WASM files processed by tools like GDB, Radare2, and Ghidra. 2. Boundary markers: None present in the provided snippets to delimit untrusted tool output. 3. Capability inventory: Arbitrary binary execution via GDB/Radare2 and compilation of generated source code via GCC. 4. Sanitization: None identified.
- Dynamic Execution (LOW): The reference contains instructions for runtime compilation (GCC, LLC) and unsafe deserialization (Python marshal module). While standard for the reverse engineering domain, these are flagged as LOW risk findings due to the potential for code execution from untrusted inputs.
- Command Execution (LOW): Provides numerous examples of command-line instructions for binary analysis, debugging, and system interaction.
Audit Metadata