pikvm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): Commands are executed via bash -c to facilitate environment variable usage. This pattern can lead to command injection if the agent incorporates untrusted user data into the command strings without proper escaping.
- [PROMPT_INJECTION] (LOW): Risk of Indirect Prompt Injection. The skill retrieves screenshots from a remote host via /api/streamer/snapshot. If the agent processes these images using vision or OCR, an attacker with control over the remote machine's display can inject malicious instructions into the agent context. Ingestion points: /tmp/screenshot.jpg; Boundary markers: None; Capability inventory: Shell and network access; Sanitization: None.
- [SAFE] (INFO): Insecure SSL usage. All curl commands include the -k flag, which disables certificate validation and exposes PIKVM_AUTH credentials to potential Man-in-the-Middle (MITM) attacks on the local network.
Audit Metadata