Analysis Map and Safety Boundary¶

Safety boundary: This workbook performs static analysis of sanitized excerpts, fake fixtures, and derived public metadata. It does not execute attacker code, inspect the analyst's environment, or contact any network.

Question and Method¶

This technical appendix reconstructs how a commenter-supplied ZIP archive crossed trust boundaries:

GitHub Issue created by agent
  -> Attacker comments on the issue
  -> ZIP attachment supplied as fix
  -> Agent ingests issue context
  -> Agent extracts archive
  -> Executable payload discovered (core_fix_v2.exe)
  -> Target: Agent execution bridge / Human maintainer

The notebooks analyze this threat path without executing the code. Their governing rule is:

capability != observed execution != proven transmission

Static features demonstrate code capability. Runtime audit logs establish execution. Network trace telemetry is required to prove completed transmission.

Artifact and Publication Map¶

Layer Artifact Public treatment Reason
Issue Comment issue details / commenter metadata sanitized overview ingress carrier
ZIP Archive core_fix_v2.zip file checksums & index delivery wrapper
Executable Payload core_fix_v2.exe static PE characteristics raw payload withheld
C2 / Network Path public IOCs logical path analysis no live contact
In [ ]:
layers = [
    {"step": 1, "boundary": "collaboration plane -> agent context", "question": "What is the ingress source?"},
    {"step": 2, "boundary": "context ingestion -> archive extraction", "question": "Does the agent unzip the file?"},
    {"step": 3, "boundary": "archive extraction -> file inspection", "question": "What files are discovered?"},
    {"step": 4, "boundary": "discovered files -> tool execution", "question": "Does the agent execute the PE binary?"},
]
layers