sdk-assistant-agent
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted data from the SDK codebase and hardware serial ports to guide its actions and command execution.
- Ingestion points: The agent reads SDK source files, CMake configuration files, Kconfig files, and live serial logs via a bundled Python script.
- Boundary markers: None identified; there are no instructions to isolate ingested data or treat it as potentially malicious content.
- Capability inventory: The skill possesses powerful capabilities including Bash execution (for builds and flashing), file system writes, and network access via WebFetch.
- Sanitization: There is no evidence of sanitization or validation of the content read from the codebase or serial ports before it is used to construct shell commands or influence agent logic.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute several sensitive operations, including running build scripts (build.sh), firmware flashing utilities (cskburn), and system process management commands (fuser and kill) used to terminate processes holding serial port locks.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the WebFetch tool to retrieve documentation and configuration guidelines from docs2.listenai.com, which is the official documentation domain for the supported SDK.
- [DATA_EXFILTRATION]: The skill's design involves reading SDK source code and capturing serial debug logs. While these are legitimate development tasks, the combination of extensive local file access and outbound network capabilities (WebFetch) represents a data exposure surface.
Audit Metadata