debugger
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration allows the use of the `Bash` tool, which permits the agent to execute arbitrary shell commands on the host environment.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection during the analysis of untrusted binaries.
  - Ingestion points: Untrusted data enters the agent context through disassembly tables and byte-reading functions, such as `disasm_calls`, `funcs`, and `bytes` (SKILL.md).
  - Boundary markers: The instructions lack explicit boundary markers or warnings to the agent to ignore or escape natural language instructions found within binary strings or metadata.
  - Capability inventory: The agent has access to impactful capabilities including shell command execution (`Bash`), direct binary patching (`patch_byte`, `patch_word`), and host file reading (`load_file_bytes`) (SKILL.md).
  - Sanitization: There is no evidence of sanitization, validation, or escaping of strings extracted from the binary before they are used in agent logic.
Audit Metadata