bolt-iot
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the official Membrane CLI tool (@membranehq/cli) from the public npm registry to facilitate communication with the IoT platform.
- [COMMAND_EXECUTION]: Utilizes the membrane CLI to execute shell commands for device management, including reading sensors, writing to serial ports, and controlling GPIO pins.
- [PROMPT_INJECTION]: The skill acts as a bridge for data from external IoT devices, which presents a surface for indirect prompt injection if those devices return untrusted content.
  - Ingestion points: Output from API requests and device actions in the SKILL.md file.
  - Boundary markers: No explicit delimiters are used to separate external IoT data from the agent's internal instructions.
  - Capability inventory: Includes shell command execution and device state modification across all integrated scripts.
  - Sanitization: Responses from the Bolt IoT API are processed by the agent without specific sanitization or filtering logic.
Audit Metadata