ghidra-cli
Warn
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a comprehensive CLI for system interaction, including commands to import files, modify binary data via patching, and execute external script files using `ghidra script run PATH`.
- [REMOTE_CODE_EXECUTION]: The skill features direct mechanisms for dynamic code execution via the `ghidra script python CODE` and `ghidra script java CODE` commands. These allow for the execution of arbitrary, runtime-generated code strings within the Ghidra environment.
- [DATA_EXFILTRATION]: The toolset includes powerful data access capabilities such as `ghidra memory read`, `ghidra strings list`, and `ghidra program export`. If misdirected, these could be leveraged to extract sensitive information from system memory or proprietary binaries.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to analyze untrusted data sources (binaries). Malicious content within a processed binary could contain instructions disguised as data to influence the agent's behavior.
  - Ingestion points: Untrusted binaries are ingested via the `ghidra import` and `ghidra analyze` commands (SKILL.md).
  - Boundary markers: No specific delimiters or safety instructions are defined to separate analyzed data from agent instructions.
  - Capability inventory: The skill possesses high-impact capabilities including arbitrary code execution (`script python/java`), binary modification (`patch bytes/nop`), and system-level file exports (`program export`, `graph export`).
  - Sanitization: No sanitization or validation of strings, function names, or other binary metadata is performed before presentation to the agent.
Audit Metadata