fully-kiosk
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
  - Ingestion points: The agent processes device status JSON from the 'deviceInfo' endpoint and MQTT event topics as described in SKILL.md and reference.md.
  - Boundary markers: The skill does not implement delimiters or explicit instructions to disregard natural language commands that might be present in ingested device metadata.
  - Capability inventory: The skill allows the agent to execute a wide variety of commands via curl, including browser navigation, application management, and system-level operations.
  - Sanitization: No input validation or sanitization is mentioned for data received from managed tablets.
- [COMMAND_EXECUTION]: The skill documents the use of curl to send management commands to tablets over the local network via the REST API.
- [EXTERNAL_DOWNLOADS]: The skill documents APIs for downloading and installing external files, such as APKs and ZIP archives, onto managed devices (loadApkFile, loadZipFile).
- [REMOTE_CODE_EXECUTION]: The skill documents the capability to execute root and shell commands (runRootCommand, runSuCommand) on tablets that have been specifically configured for such access.