malware-analysis

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill extracts strings and metadata from untrusted malware samples and prepares them for LLM analysis, creating a surface for indirect prompt injection.
      • Ingestion points: File content in scripts/generate_report.py is processed via analyze_file and extract_from_file calls.
      • Boundary markers: The formatted output in format_as_text uses standard ASCII separators (e.g., ===, ---) but lacks explicit protective instructions for the LLM to ignore embedded commands.
      • Capability inventory: The script performs local file writes (Path.write_text) and initiates network API calls.
      • Sanitization: IOC extraction utilizes defang=True, but other extracted strings and metadata are not sanitized for LLM safety.
  • Network Operations (LOW): The script (via the MalwareTriage module) queries external threat intelligence APIs including VirusTotal and AbuseIPDB. While these activities are inherent to the primary function of the skill, they represent communication with non-whitelisted external domains.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:15 PM