security-guide

Warn

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to scan sensitive file paths including ~/.ssh/, ~/.aws/credentials, and .env files to check for plaintext secrets and improper permissions. These directories contain critical authentication material, and their access by an agent represents a significant data exposure risk.
  • [COMMAND_EXECUTION]: The skill enables system interaction through commands such as ufw, docker run, and chmod. It specifically mentions an auto-fix capability via the /harden fix command, which allows the agent to execute state-changing operations on the host environment.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the ShellWard audit log (audit.jsonl) and lists of installed plugins. Because the agent processes this data to provide security recommendations without explicit boundary markers or sanitization, it is vulnerable to indirect prompt injection where malicious log entries or plugin metadata could influence agent behavior.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 1, 2026, 10:04 PM
Security Audit — agent-trust-hub — security-guide