review-firmware

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted firmware code which presents an indirect prompt injection surface.
  • Ingestion points: External code is ingested into the agent context via the Read tool and git diff command results as instructed in SKILL.md.
  • Boundary markers: The instructions lack delimiters (such as XML tags or specific markdown blocks) or warnings to the agent to ignore embedded instructions within the firmware comments or code.
  • Capability inventory: The skill utilizes Bash(git:*), Read, Grep, and Glob tools to inspect the file system and version history.
  • Sanitization: No sanitization, escaping, or validation logic is present to handle potentially malicious instructions embedded in the analyzed data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:45 AM
Security Audit — agent-trust-hub — review-firmware