firmware-analyst
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill provides instructions to execute binaries from an untrusted extracted firmware filesystem using sudo chroot. This allows arbitrary code from an external source to run with root privileges.
- Indirect Prompt Injection (HIGH): The skill's primary function is processing untrusted firmware data.
  1. Ingestion points: Firmware images (firmware.bin) downloaded from external URLs or extracted from hardware.
  2. Boundary markers: None.
  3. Capability inventory: High-privilege execution via sudo, chroot, and binwalk.
  4. Sanitization: None.
- COMMAND_EXECUTION (HIGH): The skill uses sudo and dd for low-level system and hardware access, which can be misused to compromise host integrity.
- EXTERNAL_DOWNLOADS (LOW): The skill references downloading firmware over unencrypted HTTP, increasing the risk of man-in-the-middle attacks.
Recommendations
- AI detected serious security threats