openvpn
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill instructions focus on standard administrative tasks for OpenVPN and Easy-RSA, using official packages and following established security guidelines.
- [SAFE]: External documentation and code references point to trusted organizations (including OpenVPN, Ubuntu, and DigitalOcean) and well-known community resources.
- [SAFE]: While the skill involves managing sensitive cryptographic keys and using elevated privileges, these actions are strictly within the scope of its primary purpose as a VPN administration tool, and it includes explicit warnings for secure handling.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection as it processes untrusted data in the form of OpenVPN configuration files and .ovpn bundles. 1. Ingestion points: .ovpn and .conf files defined in SKILL.md globs. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls for systemctl, iptables, and easyrsa, and bash script generation in setup-patterns.md. 4. Sanitization: Absent. This attack surface is inherent to the skill's administrative functionality and is documented with security best practices.
Audit Metadata