mcu-rtt-debugger

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/rtt_control.py script executes the JLinkRTTLogger binary and shell commands using subprocess.Popen to manage debugging sessions.
  • [COMMAND_EXECUTION]: A background timer in scripts/rtt_control.py is implemented using subprocess.Popen with shell=True, which is a security anti-pattern for command execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted log data from the target MCU via scripts/analyze_log.py and presents it to the AI agent without sanitization or boundary markers. This could allow malicious firmware to inject instructions into the agent's context through the RTT log stream.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 23, 2026, 03:42 AM