esp-idf-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [Persistence Mechanisms] (HIGH): The skill instructs the user/agent to modify shell configuration files (~/.bashrc or ~/.zshrc) to add an alias. Modifying shell profiles is a persistence vector that can be leveraged to maintain unauthorized access or hijack shell sessions.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The `idf_component.yml` configuration example includes a dependency from an untrusted GitHub repository (https://github.com/user/component.git). This facilitates the download and execution of remote code during the build process without verification of the source's integrity.
- [Indirect Prompt Injection] (HIGH): The skill establishes an environment for processing external, attacker-controlled code components that are subsequently used in high-privilege operations like compilation and flashing.
- Ingestion points: External components defined in `idf_component.yml` and remote Git repositories.
- Boundary markers: Absent; no delimiters are used to separate untrusted component data from the build system.
- Capability inventory: Includes `idf.py build`, `idf.py flash`, and `make setup-idf`, which allow for arbitrary code execution and hardware modification.
- Sanitization: None; the skill lacks validation for component sources or contents.
Recommendations
- AI detected serious security threats
Audit Metadata