reverse-engineering-firmware-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted external data in the form of firmware binaries (firmware.bin) and their extracted filesystems.
      • Ingestion points: binwalk-extractor.py and vulnerability-scanner.py ingest raw binary data and filesystem contents.
      • Boundary markers: No explicit sanitization or prompt boundary markers are described to prevent instructions embedded in firmware metadata or scripts from influencing the agent's logic.
      • Capability inventory: Extensive capabilities including arbitrary command execution via os.system/subprocess, network bridging, and binary emulation (QEMU).
      • Sanitization: No mention of input validation for the firmware images or the configuration templates.
  • [Command Execution] (HIGH): The skill relies on several shell-heavy scripts (qemu-emulator.sh, qemu-setup.sh) that perform high-risk operations such as network bridging, chroot environment setup, and system-level library resolution. Misconfiguration or malicious input could lead to host system compromise.
  • [External Downloads] (MEDIUM): The README requires the installation of several third-party Python and Node.js packages, including firmadyne-wrapper, which is not from a primary trusted source and should be audited for supply chain risks.
  • [Privilege Escalation] (MEDIUM): Operations described in qemu-emulator.sh, specifically network bridging (brctl/ip link) and chroot, typically require elevated (root/sudo) privileges, which the skill assumes the agent can acquire.
  • [Metadata Poisoning] (INFO): An automated scanner alert identifies libc.so as a blacklisted URL. While libc.so is a standard system library, this signature match suggests the presence of binaries or references that may have been previously flagged in malicious contexts.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 04:31 AM