flash

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages shell commands including just, esptool, and ls to manage firmware flashing and device detection. In the 'Error Handling' section, the instructions explicitly suggest that the user run sudo chmod 666 /dev/xxx to resolve permission errors. This instruction encourages the use of elevated privileges to grant world-writable permissions to system device nodes, bypassing standard security controls and potentially exposing hardware interfaces to unauthorized processes.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data via the $ARGUMENTS variable.
  • Ingestion points: Untrusted user input enters the agent context through the $ARGUMENTS variable defined in SKILL.md.
  • Boundary markers: The skill lacks delimiters or "ignore embedded instructions" warnings when interpreting the content of $ARGUMENTS.
  • Capability inventory: The skill is authorized to execute a broad range of commands via Bash(just:*) and Bash(esptool*), providing a significant capability tier for an attacker to target.
  • Sanitization: There is no evidence of input validation, escaping, or filtering for the data provided in $ARGUMENTS before it influences which command the agent chooses to run.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 02:14 PM
Security Audit — agent-trust-hub — flash