android-tombstone-symbolication
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches ELF debug symbols from Microsoft's public symbol server (msdl.microsoft.com), which is a well-known and trusted service.
- [EXTERNAL_DOWNLOADS]: Queries NuGet.org (api.nuget.org) to identify .NET runtime versions and downloads .nupkg files for BuildId verification.
- [COMMAND_EXECUTION]: Executes llvm-symbolizer and llvm-readelf to resolve memory addresses to function names and source code lines. These tools are typically part of the Android NDK or standard LLVM distributions.
- [PROMPT_INJECTION]: Evaluated for Indirect Prompt Injection risks related to tombstone parsing.
- Ingestion points: Reads user-supplied tombstone files in scripts/Symbolicate-Tombstone.ps1.
- Boundary markers: No explicit delimiters are used in the prompt instructions.
- Capability inventory: Includes file reading, network access, and subprocess execution (llvm-symbolizer).
- Sanitization: The script uses specific regular expressions to parse frame data, ensuring only expected hexadecimal values and library names are passed to the symbolization tools.
Audit Metadata