The Agent Skills Directory

[SAFE]: The skill is a legitimate cybersecurity tool for firmware analysis. All procedures, scripts, and documentation are consistent with professional security auditing practices and do not exhibit malicious intent.
[COMMAND_EXECUTION]: The provided Python script scripts/agent.py executes system utilities such as binwalk and file. It correctly uses list-based arguments with subprocess.run, which is a secure method to prevent shell injection vulnerabilities.
[EXTERNAL_DOWNLOADS]: The skill references established open-source security tools (binwalk, chipsec, UEFITool, etc.) hosted on official GitHub repositories. These are well-known resources in the cybersecurity community.
[DATA_EXFILTRATION]: While the script searches for credentials, hashes, and SSH keys, it operates exclusively on the user-provided firmware image. Findings are saved to a local JSON report, with no network transmission of this data detected.
[CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found within the skill's source code. The credential-matching patterns in the analysis script are purpose-built for identifying risks in target firmware images.
[PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety filters or override system prompts was found in the skill's metadata or markdown content.

performing-firmware-malware-analysis