jetson-customize-pinmux
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script
scripts/modify_pinmux.pydynamically loadsgenerate_dtsi.pyusingimportlib.util.spec_from_file_location. The path is determined at runtime by searching through a list of relative directory candidates, including parent and sibling skill folders. This dynamic loading from computed paths is a significant risk factor. - [COMMAND_EXECUTION]: The skill utilizes the
run_script()tool to execute Python logic that modifies hardware configuration files (DTSIs) and guides the agent to perform git operations within the Jetson Linux (L4T) source tree. - [PROMPT_INJECTION]: The skill processes user-provided XLSM files, creating a surface for indirect prompt injection. Data such as the
customer_usagefield is extracted and used to drive interactive agent prompts and generate configuration comments. - Ingestion points: Spreadsheet parsing occurs in
scripts/generate_dtsi.pyand is processed bymodify_pinmux.py. - Boundary markers: No explicit delimiters or instructions are used to signal the agent to ignore instructions embedded in the spreadsheet data.
- Capability inventory: The skill has the capability to modify the local filesystem and direct the agent to perform git commits.
- Sanitization: The skill uses regular expressions to sanitize certain fields before deriving function names, providing only partial mitigation against injection.
Audit Metadata