servel
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation includes a common installation pattern that pipes a remote script to bash (`curl -fsSL https://servel.dev/install.sh | bash`). While this is a sensitive operation, it targets the official domain of the service being managed by the skill and is documented as the standard installation method.
- [COMMAND_EXECUTION]: The skill makes extensive use of CLI commands to manage servers, deployments, and infrastructure. This includes powerful operations such as `servel ssh`, `servel exec`, and modifying firewall rules via `servel ban`. These operations are well-documented and core to the skill's functionality.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests data from local project files that could contain untrusted content.
  - Ingestion points: Reads configuration and environment data from `servel.yaml`, `.servel/state.json`, and `.env` files within the project directory.
  - Boundary markers: None identified in the prompt templates to delimit data from instructions.
  - Capability inventory: The skill has high capabilities, including executing remote commands, managing secrets, and modifying infrastructure via the `servel` CLI.
  - Sanitization: No explicit sanitization or validation of the input file content is performed before interpolation into commands.
Audit Metadata