jetson-customize-pinmux

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/modify_pinmux.py dynamically loads generate_dtsi.py using importlib.util.spec_from_file_location. The path is determined at runtime by searching through a list of relative directory candidates, including parent and sibling skill folders. This dynamic loading from computed paths is a significant risk factor.
  • [COMMAND_EXECUTION]: The skill utilizes the run_script() tool to execute Python logic that modifies hardware configuration files (DTSIs) and guides the agent to perform git operations within the Jetson Linux (L4T) source tree.
  • [PROMPT_INJECTION]: The skill processes user-provided XLSM files, creating a surface for indirect prompt injection. Data such as the customer_usage field is extracted and used to drive interactive agent prompts and generate configuration comments.
  • Ingestion points: Spreadsheet parsing occurs in scripts/generate_dtsi.py and is processed by modify_pinmux.py.
  • Boundary markers: No explicit delimiters or instructions are used to signal the agent to ignore instructions embedded in the spreadsheet data.
  • Capability inventory: The skill has the capability to modify the local filesystem and direct the agent to perform git commits.
  • Sanitization: The skill uses regular expressions to sanitize certain fields before deriving function names, providing only partial mitigation against injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 22, 2026, 08:45 PM
Security Audit — agent-trust-hub — jetson-customize-pinmux