headless-ghidra-evidence
Headless Ghidra Third-Party — P2
P2 reviews baseline and runtime YAML to identify third-party libraries, record
local pristine source directories, and classify functions for later metadata
enrichment. Source download or acquisition is outside the CLI; the CLI records
source_path, pristine_path, version, confidence, and evidence.
Required ghidra-agent-cli Commands
ghidra-agent-cli functions listghidra-agent-cli functions showghidra-agent-cli imports listghidra-agent-cli constants listghidra-agent-cli strings listghidra-agent-cli vtables listghidra-agent-cli types listghidra-agent-cli callgraph listghidra-agent-cli callgraph callersghidra-agent-cli callgraph callees
More from bytelandtechnology/headless-ghidra
headless-ghidra
Entry skill for the Headless Ghidra YAML-first reverse-engineering pipeline. Use when the user asks to analyze, decompile, triage, resume, or iterate on a binary target with Ghidra/headless-ghidra. Reads artifacts/<target>/pipeline-state.yaml, routes P0–P4 phase skills, runs gate checks, and manages review pauses. Performs zero analysis work itself.
37headless-ghidra-intake
P0 phase skill for Headless Ghidra intake. Use when a target binary/archive needs identity confirmation, workspace initialization, Ghidra discovery, binary inspection, or analysis scope setup before any Ghidra analysis runs.
35headless-ghidra-batch-decompile
P4 phase skill for Headless Ghidra selected function substitution. Use after P3 when an approved batch of functions should have metadata applied, be decompiled through Ghidra, and be recorded as per-function capture/substitution YAML.
35headless-ghidra-baseline
P1 phase skill for Headless Ghidra baseline and runtime evidence. Use after P0 when the target must be imported into Ghidra, auto-analyzed, exported to baseline YAML, and given reproducible runtime or hotpath observations without decompiling function bodies.
30headless-ghidra-discovery
P3 phase skill for Headless Ghidra metadata discovery. Use after P2, or after a P4 batch exposes missing context, to enrich function names, signatures, types, constants, strings, and hotpath metadata in YAML before serialized CLI apply.
30headless-ghidra-frida-verify
Deprecated compatibility-only P6 alias: runtime observation is now part of P1/P4 hand-offs.
27