flash-platformio
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/pio_flasher.py` executes the `pio` CLI tool using `subprocess.run` to perform firmware uploads. It uses a list of arguments rather than a shell string, which is a secure practice that prevents shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill requires the PlatformIO core (CLI) to be pre-installed on the host system. It does not perform any unauthorized or hidden downloads of external scripts or binaries.
- [DYNAMIC_EXECUTION]: The script `scripts/pio_flasher.py` dynamically modifies `sys.path` to import helper modules from a sibling directory (`build-platformio`). This is a common pattern for sharing code between related local skills and does not involve executing untrusted or remote code.
- [INDIRECT_PROMPT_INJECTION]: The skill parses `platformio.ini` files to determine build environments. While this involves processing user-controlled files, the data is used strictly for constructing CLI arguments for the trusted `pio` tool and does not influence the agent's behavior in a malicious way.
Audit Metadata