ida-domain-scripting

Fail

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The run.py script executes agent-generated Python code using subprocess.run. This allows the skill to perform complex reverse engineering tasks but also enables the execution of arbitrary code on the host system within the IDA Pro environment.
  • [EXTERNAL_DOWNLOADS]: The setup.py script clones the ida-domain repository from GitHub (https://github.com/HexRaysSA/ida-domain.git) and fetches release information from the GitHub API. These resources are owned by the skill's author. Additionally, the setup script provides documentation recommending the installation of the uv package manager via a piped shell command from astral.sh.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of dynamically generated scripts, creating a potential surface for indirect prompt injection when analyzing untrusted binaries.
  • Ingestion points: Target binary files or IDA database files (.i64/.idb) processed by the skill via run.py.
  • Boundary markers: Absent; there are no specific markers or instructions to prevent the agent from being influenced by data found within analyzed binaries.
  • Capability inventory: The skill has the ability to write files to /tmp and execute arbitrary Python code using subprocess.run in run.py.
  • Sanitization: No validation or sanitization is performed on the data extracted from binary files before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 14, 2026, 02:23 PM