malware-analysis-methodology
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Findings tagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs users to execute potentially malicious binary samples under tracing tools such as strace and ltrace, or inside Docker containers, in order to observe their behaviour.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing various third-party security tools and Python libraries, such as pefile, pyelftools, and yara-python, for binary inspection.
- [INDIRECT_PROMPT_INJECTION]: The skill's core function is to ingest untrusted data: malware binaries (SKILL.md) and sandbox JSON reports (references/dynamic-analysis.md). Although it includes boundary markers such as warnings to use isolated environments, its capability inventory includes binary execution and file system access, and it relies on third-party parsing libraries that could themselves be vulnerable to maliciously crafted files designed to compromise the analysis environment.
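The third finding above, that the parsers used on untrusted binaries are themselves attack surface, is the one an analyst acts on before running any of the tools the skill recommends. The following is an added example and is not code from the audited skill or from pefile, pyelftools or yara-python: it parses an ELF64 header and program-header table with an explicit bounds check on every offset and size read from the file, and runs that parse in a forked child process under CPU and address-space limits with a wall-clock deadline, so a crafted file that crashes or hangs the parser costs one throw-away process rather than the analysis session. The size cap, the limits, the function names and the minimal ELF builder that produces the sample bytes are assumptions of this example; the samples are constructed inline.

```python
"""Defensive static triage of an untrusted ELF sample (added example, not the skill's code)."""
import json
import os
import resource
import select
import signal
import struct
import time

MAX_SAMPLE_BYTES = 64 * 1024 * 1024   # assumed cap: refuse oversized input before parsing
ELF64_EHDR_SIZE = 64
ELF64_PHDR_SIZE = 56


class MalformedBinary(ValueError):
    """Raised for any header field that does not fit inside the file."""


def parse_elf_header(data: bytes) -> dict:
    """Parse the ELF64 header and program headers, checking every offset against len(data)."""
    if len(data) > MAX_SAMPLE_BYTES:
        raise MalformedBinary("sample exceeds size cap")
    if len(data) < ELF64_EHDR_SIZE or data[:4] != b"\x7fELF":
        raise MalformedBinary("not an ELF file or truncated header")
    if data[4] != 2:
        raise MalformedBinary("only ELF64 (EI_CLASS=2) is handled here")
    endian = {1: "<", 2: ">"}.get(data[5])
    if endian is None:
        raise MalformedBinary("invalid EI_DATA")
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(
        endian + "HHIQQQIHHHHHH", data, 16)
    # Python ints do not wrap, so e_phoff + size cannot overflow as it would in C, but the
    # range check is still required: a hostile e_phoff simply points past the end of the file.
    if e_phnum:
        if e_phentsize < ELF64_PHDR_SIZE:
            raise MalformedBinary("e_phentsize smaller than a program header")
        if e_phoff < ELF64_EHDR_SIZE or e_phoff + e_phentsize * e_phnum > len(data):
            raise MalformedBinary("program header table lies outside the file")
    segments = []
    for i in range(e_phnum):
        p_type, p_flags, p_offset, p_vaddr, _paddr, p_filesz, p_memsz, _align = struct.unpack_from(
            endian + "IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_offset + p_filesz > len(data):
            raise MalformedBinary(f"segment {i} extends past end of file")
        segments.append({"type": p_type, "flags": p_flags, "offset": p_offset,
                         "vaddr": p_vaddr, "filesz": p_filesz, "memsz": p_memsz})
    return {"type": e_type, "machine": e_machine, "entry": e_entry, "segments": segments}


def parse_in_sandbox(data: bytes, timeout_s: float = 5.0, mem_limit: int = 1 << 30) -> dict:
    """Run parse_elf_header in a forked child under RLIMIT_CPU/RLIMIT_AS and a wall clock (Unix only)."""
    r_fd, w_fd = os.pipe()
    pid = os.fork()
    if pid == 0:                                      # child: parse, report over the pipe, exit
        try:
            os.close(r_fd)
            try:
                cpu = int(timeout_s) + 1
                resource.setrlimit(resource.RLIMIT_CPU, (cpu, cpu))
                _soft, hard = resource.getrlimit(resource.RLIMIT_AS)
                cap = mem_limit if hard == resource.RLIM_INFINITY else min(mem_limit, hard)
                resource.setrlimit(resource.RLIMIT_AS, (cap, cap))
                result = {"ok": True, "value": parse_elf_header(data)}
            except Exception as exc:                  # parser rejections are reported as data
                result = {"ok": False, "error": f"{type(exc).__name__}: {exc}"}
            payload = json.dumps(result).encode()
            while payload:
                payload = payload[os.write(w_fd, payload):]
        finally:
            os._exit(0)
    os.close(w_fd)                                    # parent: read with a deadline, never hang
    chunks, deadline = [], time.monotonic() + timeout_s
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            os.kill(pid, signal.SIGKILL)
            os.waitpid(pid, 0)
            os.close(r_fd)
            return {"ok": False, "error": "parser timed out"}
        if select.select([r_fd], [], [], remaining)[0]:
            chunk = os.read(r_fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
    os.close(r_fd)
    _, status = os.waitpid(pid, 0)
    if not chunks:                                    # crash in the child (e.g. a C extension)
        return {"ok": False, "error": f"parser process died (wait status {status})"}
    return json.loads(b"".join(chunks))


def build_elf(e_phoff: int, e_phnum: int, segments=()) -> bytes:
    """Construct a minimal little-endian x86-64 ELF image (test data, not an executable)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)      # ELF64, LSB, version 1, SYSV ABI
    ehdr = struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, e_phoff, 0, 0,
                       ELF64_EHDR_SIZE, ELF64_PHDR_SIZE, e_phnum, 64, 0, 0)
    return ident + ehdr + b"".join(struct.pack("<IIQQQQQQ", *seg) for seg in segments)


# Constructed samples: one well-formed, two with hostile header fields.
GOOD_SAMPLE = build_elf(64, 1, [(1, 5, 0, 0x400000, 0x400000, 120, 120, 0x1000)])
CRAFTED_PHOFF = build_elf(0xFFFFFFFFFFFFFFF0, 1)                        # phdr table past EOF
CRAFTED_SEGMENT = build_elf(64, 1, [(1, 5, 0, 0x400000, 0x400000, 1 << 40, 1 << 40, 0x1000)])

if __name__ == "__main__":
    for name, blob in [("good", GOOD_SAMPLE), ("crafted-phoff", CRAFTED_PHOFF),
                       ("crafted-segment", CRAFTED_SEGMENT)]:
        print(name, parse_in_sandbox(blob))
```

The same child-process boundary is where a library such as pefile or pyelftools belongs when it is pointed at a sample: the parent keeps only the JSON the child returns, and a hang or crash inside the library is contained rather than inherited by the analyst's shell.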
Audit Metadata