reverse-engineer-rpi

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill orchestrates a complex workflow by executing numerous shell commands and scripts. It uses subprocess.run to call git for repository management and runs custom shell scripts such as analyze_binary.sh and capture_cli_help.sh to inspect binary targets.
  • [REMOTE_CODE_EXECUTION]: To discover CLI structures, the skill executes user-provided binaries with the --help flag. This execution of external code is highly sensitive but is restricted by a mandatory --authorized flag that requires users to confirm they have permission to analyze the target.
  • [EXTERNAL_DOWNLOADS]: The tool fetches external resources including git repositories via git clone and documentation sitemaps via urllib.request. It uses these downloads to build its feature inventory and analysis reports.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection. Ingestion points: reads package.json, pyproject.toml, and source code files in reverse_engineer_rpi.py. Boundary markers: none used when interpolating external content into reports. Capability inventory: performs subprocess calls and file writes across scripts. Sanitization: lacks filtering or escaping for external content.
  • [DATA_EXFILTRATION]: The URL fetching utility supports the file:// protocol and manual path resolution, which can be used to read local system files. This capability could be exploited to expose sensitive local data if the tool is directed to a malicious or unintended file path.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 11:10 PM