Skills
skills/h1d/agent-skills-esp32/esp32-serial-logging/Gen Agent Trust Hub

esp32-serial-logging

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill reads raw data from an external serial device (microcontroller) and saves it to /tmp/device.log for analysis. This creates a surface where an attacker-controlled device could output instructions intended to manipulate the agent during log inspection.
  • Ingestion points: Serial device output captured via cat into /tmp/device.log.
  • Boundary markers: None. Data is appended raw to the log file.
  • Capability inventory: Shell command execution via ls, stty, cat, tail, grep, and pkill (SKILL.md).
  • Sanitization: None. The skill suggests direct inspection of the raw log file.
  • [Command Execution] (SAFE): The skill uses common system utilities (ls, stty, tail, grep, pkill) to manage hardware communication and local file monitoring. These commands are necessary for the primary purpose of serial debugging and do not target sensitive system areas.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:03 PM