The Agent Skills Directory

[COMMAND_EXECUTION]: The skill leverages the subprocess module across several scripts (jlink_exec.py, jlink_gdb.py, jlink_rtt.py, jlink_swo.py) to run external development tools like JLink.exe, JLinkGDBServerCL.exe, and arm-none-eabi-gdb.
[COMMAND_EXECUTION]: The jlink_gdb.py script enables the execution of arbitrary GDB commands. Because GDB includes a built-in shell command, this functionality can be abused to execute any command on the host operating system.
[COMMAND_EXECUTION]: The jlink_swo.py script accepts a command array via the --viewer-cmd parameter (or through the swo_command configuration field) and executes it directly using subprocess.Popen, allowing for the execution of arbitrary processes.
[COMMAND_EXECUTION]: In jlink_exec.py, J-Link command scripts are generated by interpolating user-supplied arguments into templates. These inputs are not sanitized for newline characters, which could allow a malicious actor to inject additional J-Link commands into the generated script.
[DATA_EXFILTRATION]: The combined capabilities of arbitrary command execution and file access (intended for firmware flashing) provide a vector for reading sensitive local files and transmitting them to external servers.
[COMMAND_EXECUTION]: The jlink_runtime.py file contains logic to hide subprocess windows on Windows using CREATE_NO_WINDOW and SW_HIDE. While intended to provide a cleaner CLI experience, this also conceals the execution of these processes from the user's view.

jlink