pikvm
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses curl to interact with the PiKVM REST API for hardware management tasks such as mouse movement, keystrokes, and power control in SKILL.md. This is the primary and documented purpose of the skill.
- [CREDENTIALS_UNSAFE]: Authentication is handled through environment variables (PIKVM_AUTH) configured in the vm0_secrets frontmatter. This follows standard platform practices for secure secret injection.
- [CREDENTIALS_UNSAFE]: The curl commands in SKILL.md use the -k (--insecure) flag, which disables TLS certificate verification, so curl accepts any certificate, including one presented by an on-path host. This is common on local networks where PiKVM ships with a self-signed certificate, but it means anyone who can intercept the traffic can capture the credentials sent with every request. The practitioner's fix is to trust the device's own certificate explicitly rather than to disable verification.
- [CREDENTIALS_UNSAFE]: Mentions the default PiKVM credentials (admin:admin) in SKILL.md as a configuration guide for users. These are the documented factory defaults; they should be changed before the API is driven from an agent.
- [PROMPT_INJECTION]: The skill is an indirect prompt injection surface. Ingestion points: it reads remote system status and screenshots via curl, and accepts free text to be typed into the remote machine. Boundary markers: none, so nothing separates content read from the target from the agent's own instructions. Capability inventory: network requests and shell command execution via curl, including keystrokes and power control. Sanitization: no validation or escaping is applied to text sent to the remote system. Text displayed on the controlled machine's screen can therefore steer the agent, and the agent can in turn type arbitrary characters, including control sequences, into that machine.
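The two remediations above (dropping -k in favour of a pinned certificate, and validating text before it is typed) in one script, as an added example written for this audit; it is not code from the skill's SKILL.md or from the PiKVM project. It assumes the device is reachable at PIKVM_HOST, that PIKVM_AUTH holds "user:password" as the skill's frontmatter injects it, that the device's self-signed certificate has been saved once, out of band, to the file named by PIKVM_CA, and that the endpoints /api/info and /api/hid/print?limit= behave as the public kvmd API documents them:

```bash
#!/usr/bin/env bash
# Added example for the audit findings above; not the skill's own code.
# Assumptions (not stated on the audited page): PIKVM_HOST, PIKVM_AUTH
# ("user:password") and PIKVM_CA (path to the device's own certificate,
# fetched once over a trusted connection) are set in the environment.
set -u

PIKVM_HOST="${PIKVM_HOST:-pikvm.local}"
PIKVM_CA="${PIKVM_CA:-./pikvm-cert.pem}"

# curl options shared by every call. No -k: verification stays on, and the
# only trusted issuer is the device's own (self-signed) certificate, so an
# on-path host presenting any other certificate is rejected before the
# credential is sent. --proto =https refuses a downgrade to plain http.
pikvm_curl_opts() {
    printf '%s\n' -sS --fail --proto '=https' --cacert "$PIKVM_CA"
}

# The credential is handed to curl through a config file on stdin (-K -)
# rather than as a -u argument, so it does not appear in process listings.
# Assumes the password contains no double quote (curl config syntax).
pikvm_auth_config() {
    printf 'user = "%s"\n' "$PIKVM_AUTH"
}

# Guard for text the skill would forward to /api/hid/print. The audit notes
# no validation is done; this policy allows printable characters, newline
# and tab only, and caps the length, so escape sequences and other control
# characters cannot be injected as keystrokes on the controlled machine.
pikvm_text_ok() {
    local text="$1" max="${2:-4096}" allowed=$'\n\t'
    [ "${#text}" -le "$max" ] || return 1
    case "$text" in
        *[![:print:]$allowed]*) return 1 ;;
    esac
    return 0
}

# GET helper. Usage: pikvm_get /api/info
pikvm_get() {
    local -a opts
    mapfile -t opts < <(pikvm_curl_opts)
    pikvm_auth_config | curl "${opts[@]}" -K - "https://$PIKVM_HOST$1"
}

# Type text on the remote machine only after it passes the guard.
# Usage: pikvm_type 'echo hello'
pikvm_type() {
    local -a opts
    pikvm_text_ok "$1" || { echo "refusing to type unsafe text" >&2; return 2; }
    mapfile -t opts < <(pikvm_curl_opts)
    pikvm_auth_config | curl "${opts[@]}" -K - -X POST --data-binary "$1" \
        "https://$PIKVM_HOST/api/hid/print?limit=0"
}
```

If the device's certificate does not carry a subject name matching PIKVM_HOST, --cacert alone will still fail the hostname check; in that case curl's --pinnedpubkey sha256//... option pins the device's key instead and is honoured even when verification of the rest of the chain is relaxed. The text guard is deliberately strict: a legitimate need to send Enter or Tab is covered, but anything that would let screen content be replayed as terminal escape sequences is refused.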
Audit Metadata