Skills
skills/listenai/skills/arcs-dev-tools/Gen Agent Trust Hub

arcs-dev-tools

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses git clone and git submodule update to download the ARCS SDK from a repository (defaulting to a LISTENAI vendor domain).
  • [COMMAND_EXECUTION]: Executes several shell commands for environment management, including chmod +x to enable execution of the cskburn binary and fuser to manage serial port access.
  • [REMOTE_CODE_EXECUTION]: Runs shell scripts (prepare_listenai_tools.sh, prepare_toolchain.sh, and build.sh) fetched from the repository. This is part of the standard installation and build process for this toolchain.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by reading raw serial logs from hardware and providing them to the agent.
  • Ingestion points: serial_read.py reads from /dev/ttyACM* and /dev/ttyUSB* devices.
  • Boundary markers: No explicit markers or delimiters are used to wrap serial output in SKILL.md.
  • Capability inventory: Includes the ability to clone repositories, execute bash scripts, and flash binaries (referenced in SKILL.md).
  • Sanitization: Serial data in serial_read.py is decoded as UTF-8 with character replacement but is not sanitized for potential embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 02:16 AM