reverse-engineer-rpi

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess calls in scripts/reverse_engineer_rpi.py and various shell scripts to run system tools such as git, go, file, otool, ldd, strings, rg, and grep. These tools are used to gather metadata and structural information from the target project being analyzed.
  • [REMOTE_CODE_EXECUTION]: In binary mode, the skill executes the target binary provided by the user using the --help flag to recursively discover commands and subcommands. Although this is gated by a mandatory --authorized flag and execution is wrapped in a timeout within scripts/binary/capture_cli_help.sh, it involves running arbitrary code from an external binary.
  • [EXTERNAL_DOWNLOADS]: The skill clones external Git repositories using git clone from user-supplied URLs and fetches documentation sitemaps from remote URLs using urllib in scripts/fetch_url.py. These operations involve connecting to external servers to retrieve untrusted content.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from analyzed repositories and binary help output, creating an attack surface for indirect prompt injection.
    • Ingestion points: scripts/reverse_engineer_rpi.py scans repo files and captures binary output.
    • Boundary markers: Absent in generated reports.
    • Capability inventory: reverse_engineer_rpi.py uses subprocess.run, git clone, and urllib.request.urlopen.
    • Sanitization: Absent; content is extracted and interpolated directly into markdown and YAML output files.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 12:16 PM