skills/mukul975/anthropic-cybersecurity-skills/validating-tpm-measured-boot-attestation/Gen Agent Trust Hub
validating-tpm-measured-boot-attestation
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several system commands related to TPM 2.0 management and attestation.
- Evidence: In
scripts/agent.py, therun()function usessubprocess.run()to execute binaries includingtpm2_pcrread,tpm2_eventlog,tpm2_createprimary,tpm2_create,tpm2_load,tpm2_readpublic,tpm2_quote, andtpm2_checkquote. - Safety Note: Commands are executed using list-based arguments without a shell (
shell=Falseequivalent), which protects against standard shell injection vulnerabilities. The operations are consistent with the skill's stated purpose of hardware integrity verification. - [PRIVILEGE_ESCALATION]: The skill instructions and scripts involve operations that require elevated privileges (root/sudo).
- Evidence:
SKILL.mdinstructs the user to runsudo python scripts/agent.py. This is necessary because the TPM device nodes (/dev/tpm0) and kernel measurement logs (/sys/kernel/security/tpm0/binary_bios_measurements) are typically restricted to the root user. - [INDIRECT_PROMPT_INJECTION]: The skill processes external data that could theoretically contain malicious instructions.
- Ingestion points:
scripts/agent.pyreads the binary BIOS measurement log from the kernel and user-supplied baseline JSON files. - Capability inventory: The script can execute system commands via
subprocess.runand write JSON reports to the filesystem. - Boundary markers: None present in the data ingestion logic.
- Sanitization: The script uses regular expressions to parse command output and validates JSON structures, but does not explicitly sanitize the raw binary log data. However, as this data originates from the system firmware/kernel, it is considered a trusted source in this context.
Audit Metadata