Skills
skills/nannaolympicbroadcast/embeddeddevagentskill/embedded-dev-antigravity/Gen Agent Trust Hub

embedded-dev-antigravity

Warn

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to ask users for their Wi-Fi SSID and password in Step 6 to facilitate device connectivity. This involves handling sensitive credentials in plaintext within the LLM's context and passing them to terminal commands.
  • [COMMAND_EXECUTION]: The skill relies on the shell tool to invoke the fastmcp CLI. This tool acts as a bridge to a local MCP server (http://127.0.0.1:30837/mcp), allowing the agent to execute arbitrary commands on the host machine and connected hardware (e.g., idf.py flash, nmcli, openocd).
  • [EXTERNAL_DOWNLOADS]: The documentation encourages users to download the Electerm binary from an external website (https://electerm.html5beta.com/) and install the fastmcp Python package. While these are established tools, they represent a requirement for third-party software installation.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it mandates the use of web_search to ingest technical documentation from external sites (GitHub, official docs) without sanitization or boundary markers, while possessing high-privilege shell capabilities.
  • Ingestion points: Step 3 and Step 4 use web_search to fetch external content.
  • Boundary markers: None implemented for search results.
  • Capability inventory: Full shell access and hardware control via fastmcp.
  • Sanitization: No filtering or escaping is performed on data retrieved from the web.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 27, 2026, 02:46 AM