up-drift

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM

Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs shell commands for execution via the Bash tool (specifically ssh). Parameters extracted from documentation, such as hostnames and service names, are not sanitized, posing a command injection risk if the source documentation is compromised. High-privilege commands using sudo are also used for system and database checks.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection.
    • Ingestion points: Untrusted data is retrieved from Outline Wiki pages and Notion documents.
    • Boundary markers: No delimiters or safety instructions are provided to distinguish between documentation content and system parameters.
    • Capability inventory: Includes local and remote shell access (Bash), network requests (WebFetch), and the ability to modify documentation in Notion and Outline.
    • Sanitization: No validation or escaping is performed on the ingested content before it is processed as command-line arguments.
  • [DATA_EXFILTRATION]: The inspection patterns include reading sensitive system configuration files (e.g., /etc/authentik/config.yml) via SSH. Although instructions advise against storing secrets in the wiki, the exposure of these files to the agent's context during analysis represents a data security risk.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 08:30 AM
Security Audit — agent-trust-hub — up-drift