network-security
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive system configuration files and cryptographic assets for auditing purposes.
  - Evidence includes instructions to read /etc/ssh/sshd_config and .ssh/authorized_keys, as documented in references/audit-checklist.md and references/ssh-bastion.md.
  - It describes procedures for collecting system evidence, such as memory snapshots and log archives, in references/incident-runbook.md.
- [COMMAND_EXECUTION]: The skill employs various administrative commands to manage system security and network configuration.
  - It utilizes tools such as nftables, ufw, sysctl, and systemctl.
  - It invokes system-level utilities like apt, certbot, and fail2ban-client across its operational workflows.
- [EXTERNAL_DOWNLOADS]: The skill retrieves configuration data and security tools from well-known external sources.
  - It fetches IP ranges from Cloudflare to populate firewall rulesets.
  - It downloads certificate management tools and service-to-service identity providers from Smallstep and ACME.sh.
  - It references the OWASP Core Rule Set hosted on GitHub for Web Application Firewall tuning.
- [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection.
  - Ingestion points: The agent ingests local reference files and guidance from the references/ directory when prompted by SKILL.md.
  - Boundary markers: There are no explicit delimiters or 'ignore embedded instructions' warnings used when the agent processes these reference documents.
  - Capability inventory: Across files like SKILL.md and references/incident-runbook.md, the agent is instructed to use high-privilege shell commands (sudo), modify kernel parameters, and perform network operations.
  - Sanitization: No mechanisms for validation or escaping of the ingested reference content or resulting command outputs are defined.
Audit Metadata