binary-triage
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill is designed to process untrusted data from binaries which is an inherent risk of analysis tools. 1. Ingestion points: Strings, symbols, and decompiled code from the target binary (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: TodoWrite (SKILL.md) and various read-only analysis tools. 4. Sanitization: Absent. The risk is considered SAFE because the skill's purpose is human-driven triage and documentation, and it does not facilitate automated execution of the ingested data.
- [Data Exposure] (SAFE): Instructions to search for keywords like 'password' or 'credential' refer to identifying strings within the binary under analysis for forensic purposes and do not involve accessing the host's sensitive data.
- [Command Execution] (SAFE): The skill utilizes internal analysis tools for survey purposes and does not invoke shell commands or execute the binary being triaged.
Audit Metadata