pyghidra-scripting

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The run-script tool allows for the execution of arbitrary Python code within the active Ghidra session. This capability is the primary function of the skill, intended to provide users with direct access to the Ghidra Flat API and decompiler internals for automated analysis.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by facilitating the ingestion of untrusted data from binaries (e.g., strings via DefinedDataIterator.definedStrings, symbol names via getSymbol, and decompiler output as shown in SKILL.md and references/recipes.md). Malicious content embedded in a binary's metadata or data sections could attempt to influence the agent's logic. While the provided recipes utilize structural boundaries (via json.dumps) for data return and basic sanitization, the agent retains powerful capabilities, including arbitrary Python execution (run-script) and file system modification (write-script), which could be leveraged in a multi-step attack.
  • [DATA_EXFILTRATION]: The skill includes functionality to read, write, and edit Python scripts on the local file system within Ghidra's registered script directories. These management tools are necessary for script persistence but represent a potential vector for unauthorized file access if misused.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 04:18 PM
Security Audit — agent-trust-hub — pyghidra-scripting