flash-openocd
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/openocd_flasher.pyexecutes theopenocdcommand-line utility viasubprocess.run. While it uses list-based arguments to mitigate shell injection, the script constructs these commands using inputs derived from the local environment and user arguments. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by automatically scanning the workspace for
openocd*.cfgfiles and parsing.vscode/launch.jsonto extract flashing parameters. A malicious repository could contain crafted configuration files designed to inject unexpected arguments into the OpenOCD process. - Ingestion points: The
scan_openocd_configsfunction inscripts/openocd_flasher.pyreads configuration paths and server arguments from.vscode/launch.jsonand the file system. - Boundary markers: No delimiters or instructions are used to separate untrusted configuration data from the command logic.
- Capability inventory: The skill possesses the capability to execute system commands and perform file system discovery through
scripts/openocd_flasher.py. - Sanitization: The script does not validate or sanitize the strings retrieved from the workspace configuration files before appending them to the command-line argument list.
Audit Metadata