platformio
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The installation section provides instructions to download a Python script using `curl` from `https://raw.githubusercontent.com/platformio/platformio-core-installer/master/get-platformio.py` and execute it immediately. Since the `platformio` organization is not in the trusted list provided in the security skill, this constitutes unverified remote code execution.
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the `Bash` tool and documentation describes the use of `extra_scripts` (e.g., `pre:scripts/pre_build.py`). This feature allows for the execution of arbitrary Python code within the agent's environment during the build phase of a project.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill facilitates downloading external libraries via `lib_deps` and `pio pkg install`. These can point to arbitrary Git URLs or file paths, which could be used to pull malicious code into the development environment.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted project data. Evidence Chain:
  1. Ingestion points: Reads `platformio.ini` and source code files via `Read` and `Grep`.
  2. Boundary markers: None present to distinguish project data from instructions.
  3. Capability inventory: Full `Bash` access and Python execution through build scripts.
  4. Sanitization: None specified for file content before processing.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/platformio/platformio-core-installer/master/get-platformio.py - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata