proxy-networking

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes an installation script from an external, third-party source.
  • Evidence: In references/v2ray-agent.md, the workflow includes: wget -P /root -N --no-check-certificate "https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh"; chmod 700 /root/install.sh; /root/install.sh.
  • Risk: --no-check-certificate disables TLS certificate validation, so a network attacker in the path (MITM) can substitute the script undetected. The URL also points at the mutable master branch rather than a pinned commit, so the content can change between audit and execution, and no checksum is verified before the file is made executable. Because the script is then run as root, whatever is fetched gets full control of the target host.
  • [COMMAND_EXECUTION]: The skill performs extensive privileged operations on remote systems as the root user.
  • Evidence: Multiple reference files (e.g., references/config-patterns.md, references/preflight.md, references/topology-workflow.md) instruct the agent to use ssh to execute commands such as iptables, sysctl, and systemctl restart on remote VPS nodes.
  • Risk: This provides a significant attack surface where unintended or malicious commands could be executed with root privileges if the agent's instructions are manipulated.
  • [EXTERNAL_DOWNLOADS]: The skill fetches executable scripts and software from untrusted third-party domains.
  • Source: https://raw.githubusercontent.com/mack-a/v2ray-agent/master/install.sh.
  • [CREDENTIALS_UNSAFE]: The skill handles and generates sensitive cryptographic keys and proxy configuration data.
  • Evidence: The skill instructions involve extracting and managing WireGuard private keys, Reality private keys, and VLESS UUIDs. references/vless-links.md describes the process of searching remote configuration files for these secrets.
  • Risk: Mishandling or exposure of these credentials during the automated deployment process could lead to the compromise of the proxy infrastructure and user traffic.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the automated processing of remote, untrusted configuration files.
  • Ingestion Points: Remote configuration files such as /root/realm.toml and Xray JSON files (referenced in references/preflight.md and references/topology-workflow.md) are parsed by the agent.
  • Capability Inventory: The skill possesses high-privilege capabilities including remote shell execution, system configuration modification, and service management across multiple hosts.
  • Sanitization: The utility scripts provided (e.g., scripts/patch-realm-endpoint.py) use basic regex for modification and lack robust sanitization or validation of the input data, potentially allowing malicious instructions embedded in remote files to influence agent behavior.
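The download step quoted in the REMOTE_CODE_EXECUTION finding can be hardened without changing what it installs: pin to an immutable commit instead of master, leave TLS verification on, and compare the file against a SHA-256 digest recorded out of band before it is written with execute permission. The following Python is an added example for this page, not code from the skill or from the v2ray-agent project; the commit SHA and expected digest are values the operator must record themselves and appear only as parameters here (the owner/repo/file names are taken from the URL on the page).

```python
"""Fetch a third-party installer pinned to an immutable commit, with TLS
verification left on and a SHA-256 check before the file may be executed.
Added example for this audit page; not the skill's own workflow."""
import hashlib
import hmac
import os
import re
import ssl
import urllib.request

RAW_BASE = "https://raw.githubusercontent.com"
_COMMIT = re.compile(r"[0-9a-f]{40}")


def pinned_raw_url(owner: str, repo: str, commit: str, path: str) -> str:
    """Build a raw URL for a full 40-hex commit SHA. Branch or tag names such
    as 'master' are refused because their content can change after review."""
    if not _COMMIT.fullmatch(commit.lower()):
        raise ValueError(f"pin to a full commit SHA, not {commit!r}")
    return f"{RAW_BASE}/{owner}/{repo}/{commit.lower()}/{path.lstrip('/')}"


def sha256_hex(data: bytes) -> str:
    """Hex digest of the artifact; record this once, out of band, when vetting."""
    return hashlib.sha256(data).hexdigest()


def sha256_matches(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the fetched bytes against the recorded digest."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


def fetch_verified(url: str, expected_hex: str, dest: str) -> str:
    """Download with certificate and hostname validation (the default context),
    verify the digest, and only then create an owner-executable file.
    Network access is required; the digest check itself is testable offline."""
    ctx = ssl.create_default_context()  # verifies chain and hostname; never disabled
    with urllib.request.urlopen(url, context=ctx, timeout=30) as resp:
        data = resp.read()
    if not sha256_matches(data, expected_hex):
        raise RuntimeError(f"digest mismatch for {url}; refusing to install")
    # O_EXCL: fail if the path already exists rather than overwrite it.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o700)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return dest


if __name__ == "__main__":
    # The commit below is a placeholder argument, not a real v2ray-agent commit;
    # the operator substitutes the SHA and digest they reviewed.
    placeholder_commit = "0" * 40
    print(pinned_raw_url("mack-a", "v2ray-agent", placeholder_commit, "install.sh"))
```

The recorded digest has to come from a review of the script at that commit, not from the same download; otherwise the check only proves the file arrived intact, not that it is the one that was vetted.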
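For the sanitization point in the PROMPT_INJECTION finding, the safer pattern is to treat anything read from a remote node as data: parse it with a real parser, validate each field against a strict allowlist, and reject (never escape or pass to a shell) anything that does not fit. The Python below is an added example, not the skill's scripts/patch-realm-endpoint.py; the Xray JSON layout it edits (outbounds carrying a tag and settings.vnext entries) and the sample config are assumptions constructed for illustration.

```python
"""Strict endpoint validation plus a parser-based patch of an Xray outbound,
in place of regex substitution over raw config text.
Added example for this audit page; not the skill's own script."""
import ipaddress
import json
import re

# RFC 1123 hostname label: letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Plain decimal digits only: int() would also accept '4_43' or ' 443 '.
_PORT = re.compile(r"[0-9]{1,5}")


def validate_host(host: str) -> str:
    """Return host if it is an IP literal or a syntactically valid hostname.
    Shell metacharacters, whitespace or embedded text cause ValueError."""
    if not host or len(host) > 253:
        raise ValueError(f"bad host length: {host!r}")
    try:
        ipaddress.ip_address(host)
        return host
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    if all(_LABEL.fullmatch(label) for label in labels):
        return host
    raise ValueError(f"invalid hostname: {host!r}")


def validate_port(port: str) -> int:
    if not _PORT.fullmatch(port):
        raise ValueError(f"port is not a plain decimal number: {port!r}")
    value = int(port)
    if not 1 <= value <= 65535:
        raise ValueError(f"port out of range: {port!r}")
    return value


def parse_endpoint(spec: str) -> tuple[str, int]:
    """Parse 'host:port' or '[ipv6]:port' into a validated (host, port)."""
    if spec.startswith("["):
        host, sep, port = spec[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed IPv6 endpoint: {spec!r}")
    else:
        host, sep, port = spec.rpartition(":")
        if not sep:
            raise ValueError(f"missing port: {spec!r}")
    return validate_host(host), validate_port(port)


def patch_xray_outbound(config_text: str, tag: str, endpoint: str) -> dict:
    """Load the config as JSON (malformed input fails here, not silently),
    locate exactly one outbound by tag, and rewrite its vnext servers with a
    validated host and port. Returns the patched structure for json.dumps."""
    host, port = parse_endpoint(endpoint)
    cfg = json.loads(config_text)
    matches = [o for o in cfg.get("outbounds", []) if o.get("tag") == tag]
    if len(matches) != 1:
        raise ValueError(f"expected one outbound tagged {tag!r}, found {len(matches)}")
    for server in matches[0]["settings"]["vnext"]:
        server["address"] = host
        server["port"] = port
    return cfg


# Constructed sample config (assumed Xray layout), not taken from any real node.
SAMPLE_XRAY_CONFIG = json.dumps({
    "outbounds": [
        {"tag": "relay", "protocol": "vless",
         "settings": {"vnext": [{"address": "10.0.0.1", "port": 443, "users": []}]}},
        {"tag": "direct", "protocol": "freedom", "settings": {}},
    ]
})

if __name__ == "__main__":
    patched = patch_xray_outbound(SAMPLE_XRAY_CONFIG, "relay", "203.0.113.7:8443")
    print(json.dumps(patched, indent=2))
```

Because the output is produced by json.dumps from a parsed structure, text that happens to look like an instruction inside the remote file cannot change which key is edited or leak into a command line; it either survives as an inert string value or fails validation.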
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 12, 2026, 06:24 PM