ghidra-headless
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes local bash scripts to locate and invoke the Ghidra headless analyzer. The scripts use array-based command execution to mitigate shell injection, although they allow word splitting for tool-specific arguments during command construction.
- PROMPT_INJECTION (LOW): This skill is a target for indirect prompt injection (Category 8) because it processes untrusted binary data and presents the extracted text to the agent for analysis.
  - Ingestion points: The agent ingests decompiled C code and extracted strings from the analyzed binaries via files like output_decompiled.c and output_strings.json.
  - Boundary markers: The skill does not use delimiters or provide instructions to the agent to ignore potential commands embedded within the analysis output.
  - Capability inventory: The agent has the ability to execute bash commands and read files, which could be exploited if an injection is successful.
  - Sanitization: There is no sanitization or escaping of the content extracted from binaries before it is presented to the agent.