iida-mcp-ida-integration
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external Windows kernel driver (`iida-mcp-ioctl.sys`) and instructions for installing the `capstone` library via pip for disassembly features.
- [COMMAND_EXECUTION]: Provides tools like `patch_bytes` that allow the agent to modify binary data within the IDA Pro database, and describes commands for installing and starting a system service (`sc create`, `sc start`) for the kernel driver component.
- [DATA_EXFILTRATION]: The skill exposes powerful memory-reading tools (`read_bytes`, `kernel_read_memory`) and file metadata tools (`get_file_info`) which could be used by a malicious agent to exfiltrate binary contents or kernel memory. By default, the server listens on `0.0.0.0`, exposing these capabilities to the network without authentication.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8) as it processes untrusted binary data from IDA Pro.
  - Ingestion points: Raw bytes, strings, and decompiled code from binary files loaded in IDA Pro (SKILL.md).
  - Boundary markers: None identified in tool outputs like `search_text` or `decompile` to prevent the agent from following instructions embedded in binary strings.
  - Capability inventory: Memory reading (`read_bytes`), memory writing (`patch_bytes`), and kernel memory access (`kernel_read_memory`).
  - Sanitization: No specific sanitization or filtering of analyzed content is mentioned before it reaches the agent context.
Audit Metadata