sdk-assistant-agent

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local build scripts (./build.sh), vendor-provided flashing tools (cskburn), and internal Python scripts (serial_read.py) for log monitoring. These operations run within the local development environment and are standard for an SDK assistant of this nature.
  • [EXTERNAL_DOWNLOADS]: The agent uses WebFetch to retrieve API details and configuration guidelines from docs2.listenai.com. This is the official documentation platform for the Listenai ARCS SDK, and its use is consistent with the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection risk surface because it processes untrusted data from the local SDK project.
    • Ingestion points: The skill reads SDK source code (.c, .h) and build configuration files (CMakeLists.txt, Kconfig), and parses git history (git log, git diff) to extract development experience.
    • Boundary markers: There are no explicit boundary markers or instructions to disregard potential commands embedded within the analyzed files or commit messages.
    • Capability inventory: The agent has permissions to execute shell commands, read/write/edit files, and perform web requests, which could be leveraged if malicious instructions were successfully injected.
    • Sanitization: No sanitization or validation is applied to data retrieved from the codebase or git history before it is processed by the model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:49 AM