agentic-devops
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `devops.py` utilizes `subprocess.run(shell=True)` to execute system utilities including `docker`, `ps`, `ss`, and `netstat`. Executing commands through a shell increases the attack surface for command injection if input sanitization is bypassed.
- [DATA_EXFILTRATION]: The skill is designed to read sensitive system log files such as `/var/log/auth.log`, `/var/log/syslog`, `/var/log/messages`, and `/var/log/kern.log`. These files frequently contain sensitive information regarding user logins, authentication attempts, and internal system events which could be exposed to the agent or exfiltrated via the built-in network capabilities.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. It ingests untrusted data from external sources, specifically system logs and HTTP response bodies via `urllib.request.urlopen`. Content from these attacker-controllable sources is displayed to the agent without boundary markers or sanitization, potentially allowing malicious instructions embedded in logs or web responses to influence agent behavior.