server-security
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to assign user input from
$ARGUMENTSto a variable and execute shell commands using it (e.g.,ssh $SSH_TARGET "..."). If the input is not sanitized, it creates a risk of command injection on the host environment where the agent is running. - [DATA_EXFILTRATION]: The auditing process involves searching for and reading extremely sensitive files, including SSH private keys (
*.key,*.pem), environment secrets (.env), and database files (.db,.sqlite). This content is extracted from the target server and placed into the AI agent's context. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the target server (such as login logs and file contents) without using boundary markers or sanitization. Malicious instructions embedded in these logs or files could influence the agent's behavior during the audit.
- Ingestion points: Reading system logs (
lastb,journalctl) and scanning sensitive file contents. - Boundary markers: None identified in the instructions.
- Capability inventory: Full shell access on the remote target, package installation, and service configuration.
- Sanitization: None applied to the data retrieved from the remote system.
- [COMMAND_EXECUTION]: The skill's remediation features execute high-privilege commands on the remote target, such as modifying firewall rules, changing system-wide service configurations, and installing new software packages.
Audit Metadata