security-guide
Warn
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to scan sensitive file paths including
~/.ssh/,~/.aws/credentials, and.envfiles to check for plaintext secrets and improper permissions. These directories contain critical authentication material, and their access by an agent represents a significant data exposure risk. - [COMMAND_EXECUTION]: The skill enables system interaction through commands such as
ufw,docker run, andchmod. It specifically mentions an auto-fix capability via the/harden fixcommand, which allows the agent to execute state-changing operations on the host environment. - [PROMPT_INJECTION]: The skill ingests untrusted data from the ShellWard audit log (
audit.jsonl) and lists of installed plugins. Because the agent processes this data to provide security recommendations without explicit boundary markers or sanitization, it is vulnerable to indirect prompt injection where malicious log entries or plugin metadata could influence agent behavior.
Audit Metadata