Skills
skills/sickn33/antigravity-awesome-skills/firmware-analyst/Gen Agent Trust Hub

firmware-analyst

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download firmware from external, unverified URLs using wget (e.g., http://vendor.com/firmware/update.bin).
  • [COMMAND_EXECUTION]: Recommends the use of sudo to execute chroot commands for emulating extracted filesystems.
  • [EXTERNAL_DOWNLOADS]: Suggests installing system-level dependencies such as qemu-user-static via apt install.
  • [COMMAND_EXECUTION]: Includes various shell commands for hardware interface access (e.g., screen /dev/ttyUSB0) and filesystem extraction using tools like binwalk and dd.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection as it processes unverified binary data from firmware.bin using tools like strings and binwalk. The skill lacks input sanitization or boundary markers to prevent the agent from acting on malicious instructions embedded within the firmware metadata or strings.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 03:06 PM