cardputer-buddy
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- Local Command Execution: The skill provides commands to run local Python scripts (e.g.,
install_apps.py,push.py) for managing files on a hardware device. These are standard operations for a development workflow. \n- Hardware REPL Execution: Therepl_run.pyutility allows for executing arbitrary Python code on the connected device's REPL. This is a powerful feature for debugging but means the agent can influence the target hardware's state. \n- Data Ingestion Surface: The skill reads serial output from the hardware device viatail_serial.py. As this data originates from an external source, it represents a surface where external content enters the agent's context. \n - Ingestion points: External data is ingested from the serial port using the
tail_serial.pyscript as described inSKILL.md. \n - Boundary markers: No specific boundary markers are utilized to distinguish between device output and agent instructions. \n
- Capability inventory: The skill is capable of executing shell commands and pushing code to a remote MicroPython environment. \n
- Sanitization: The instructions do not specify a process for sanitizing or filtering the serial log stream.
Audit Metadata