create-swag-config
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via SSH on the remote host 'squirts'. These commands are used to inspect configuration files ('cat'), verify Nginx syntax ('nginx -t'), and reload the SWAG container ('docker exec'). This is appropriate for the skill's primary purpose of infrastructure management.
- [EXTERNAL_DOWNLOADS]: The skill utilizes a remote MCP server located at 'https://swag.tootie.tv/mcp'. This service is owned by the vendor ('jmagar') and is used to manage the configuration lifecycle, including creation, editing, and health checks. It also references a vendor container image 'ghcr.io/jmagar/swag-mcp'. These are trusted vendor resources.
- [PROMPT_INJECTION]: The skill processes data from external sources, creating a potential surface for indirect prompt injection.
- Ingestion points: The skill reads existing configuration files, reference samples, and Nginx logs from the remote host using the 'swag' tool and SSH commands.
- Boundary markers: No explicit instructions are provided to the agent to treat this ingested data as untrusted or to ignore any embedded instructions.
- Capability inventory: The agent has the ability to create and modify system configuration files and execute shell commands via SSH on the target host.
- Sanitization: No sanitization or validation of the ingested data (logs/configs) is mentioned before it is used to influence subsequent agent actions.
Audit Metadata