analysis
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core functionality involves the agent processing and summarizing untrusted data from external binaries.
  - Ingestion points: The agent ingests untrusted strings, symbol names, and decompiled code through SQL queries to the IDA database, as seen in SKILL.md and the reference files for network and crypto detection.
  - Boundary markers: The skill's instructions and provided SQL templates lack explicit boundary markers or safety warnings to help the agent distinguish between data to be analyzed and instructions to be followed.
  - Capability inventory: The agent is granted access to high-privilege tools including Bash, Read, Glob, and Grep as specified in the SKILL.md allowed-tools section.
  - Sanitization: The skill does not implement or describe any sanitization, filtering, or validation steps for the binary content before it is processed by the agent.
Audit Metadata