esp-idf-helper
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill's automation scripts (`flash_with_progress.sh`, `monitor_auto_attach.sh`, `run_menuconfig.sh`) dynamically load and execute environment setup files using the `source` command on paths provided via arguments (e.g., `$IDF_DIR/export.sh`). This is the standard mechanism for ESP-IDF but allows for the execution of arbitrary script content if the directory path is manipulated.
- [COMMAND_EXECUTION] (LOW): The script `usbipd_attach_serial.sh` invokes `powershell.exe` from within the WSL environment to execute Windows-side commands for hardware management. This cross-OS execution is a functional requirement for WSL2 serial port access but expands the execution boundary.
- [PROMPT_INJECTION] (LOW): The skill is identified as having an indirect prompt injection surface (Category 8) because it ingests and processes data from external tool outputs to drive automated retry logic.
  - Ingestion points: Command output from `idf.py` and `usbipd list` captured in `scripts/flash_with_progress.sh` and `scripts/monitor_auto_attach.sh`.
  - Boundary markers: Absent; scripts rely on simple grep pattern matching on command output.
  - Capability inventory: The skill can execute firmware flashing, serial monitoring, and cross-environment PowerShell commands.
  - Sanitization: Limited; the scripts use basic shell utilities like `awk` and `tr` to parse tool output without rigorous validation.
Audit Metadata