skills/letta-ai/skills/qemu-startup/Gen Agent Trust Hub

qemu-startup

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill constructs and executes complex shell commands involving qemu-system-x86_64, pkill, and network diagnostic tools (nc, telnet). If parameters like ports or image paths are sourced from untrusted input, it could lead to command injection.
  • [PROMPT_INJECTION] (MEDIUM): Implements an Indirect Prompt Injection surface. The agent is instructed to read and grep output from the VM's serial console (telnet localhost PORT). If a malicious ISO is used, the VM output could contain instructions designed to manipulate the agent's logic.
    • Ingestion point: VM serial console output via telnet (SKILL.md).
    • Capability inventory: Execution of qemu-system, pkill, and shell loops (SKILL.md).
    • Sanitization: Minimal; uses grep for specific strings but does not sanitize or escape the overall data stream.
    • Boundary markers: None present to distinguish VM output from system instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:14 AM