
osmo-admin

Warn

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in references/service-configs.md direct the agent to "discover a local validation command when one is provided or declared in the config root" and execute it. Running arbitrary commands or scripts found within a user-supplied repository represents a dynamic execution risk where the agent might inadvertently execute malicious scripts placed in the workspace.
  • [PROMPT_INJECTION]: The skill processes untrusted user-provided configuration files (YAML) to determine its logic, such as resolving pod templates or resource validations. This creates an indirect prompt injection surface (Category 8c) where malicious content in these files could influence agent behavior, particularly concerning given the skill's shell and filesystem capabilities.
  • [COMMAND_EXECUTION]: The skill relies on the shell tool for repository discovery, file searching via ripgrep or grep, and git operations. While the instructions include several "Critical Gates" to prevent live cluster mutation, the capability to execute shell commands across a user-provided directory tree increases the potential impact of an injection attack.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 24, 2026, 11:41 PM
Security Audit — agent-trust-hub — osmo-admin