mqtt
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill suggests using `subprocess.run` to execute external CLI tools such as `mosquitto_pub`. This pattern poses a risk of command injection if the command arguments or payloads are constructed from untrusted user input without adequate sanitization.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from external MQTT brokers.
  - Ingestion points: Data enters the agent context through MQTT message payloads in the `on_message` callback (e.g., `message.payload.decode()`).
  - Boundary markers: There are no delimiters or instructions provided to the agent to treat the incoming MQTT payload as untrusted data rather than instructions.
  - Capability inventory: The skill possesses capabilities for shell command execution (`subprocess.run`), file system interaction (JSON config reading), and network operations (`client.publish`).
  - Sanitization: The examples provided do not include any logic to sanitize, validate, or escape the content of the MQTT messages before they are processed or logged.
Audit Metadata