flash
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages shell commands including
just,esptool, andlsto manage firmware flashing and device detection. In the 'Error Handling' section, the instructions explicitly suggest that the user runsudo chmod 666 /dev/xxxto resolve permission errors. This instruction encourages the use of elevated privileges to grant world-writable permissions to system device nodes, bypassing standard security controls and potentially exposing hardware interfaces to unauthorized processes. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing untrusted data via the
$ARGUMENTSvariable. - Ingestion points: Untrusted user input enters the agent context through the
$ARGUMENTSvariable defined inSKILL.md. - Boundary markers: The skill lacks delimiters or "ignore embedded instructions" warnings when interpreting the content of
$ARGUMENTS. - Capability inventory: The skill is authorized to execute a broad range of commands via
Bash(just:*)andBash(esptool*), providing a significant capability tier for an attacker to target. - Sanitization: There is no evidence of input validation, escaping, or filtering for the data provided in
$ARGUMENTSbefore it influences which command the agent chooses to run.
Audit Metadata