Skills
skills/leokemp223/embed-ai-tool/flash-jlink/Gen Agent Trust Hub

flash-jlink

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/jlink_flasher.py executes the JLinkExe utility using the subprocess module. It passes commands via a temporary command file (-CommandFile), which is the recommended secure method for automating the SEGGER J-Link Commander and prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface in scripts/jlink_flasher.py via the scan_jlink_configs function, which reads .vscode/launch.json and .jlink files from the workspace. While this is used for legitimate device and configuration discovery, untrusted workspace content could potentially influence the parameters passed to the flashing tool or the agent's interpretation of the project state.
Audit Metadata
Risk Level
SAFE
Analyzed
May 2, 2026, 02:26 PM