hsb-test

Warn

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution on a remote host via SSH, including running Docker containers with the --privileged flag and disabling X11 access controls via xhost +local:docker during phase 2.
  • [REMOTE_CODE_EXECUTION]: Test commands are dynamically generated from a plan retrieved from an external source (URL or file) provided by the user in Phase 1. This allows for arbitrary execution of shell commands on the remote system based on potentially untrusted input.
  • [EXTERNAL_DOWNLOADS]: The skill downloads test plan definitions from arbitrary external URLs and pulls specific Docker images (hololink-demo) from a remote registry to execute the testing environment.
  • [DATA_EXFILTRATION]: Sensitive hardware identifiers, including MAC addresses, serial numbers, and FPGA versions, are extracted from the remote host in Phase 0 to generate a QA report.
  • [PROMPT_INJECTION]: The skill provides an 'auto-approve' mode (--y flag) that explicitly suppresses all human-in-the-loop confirmation gates. This allows the agent to execute commands parsed from an external test plan without user review, creating a vector for indirect instruction override or command injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — hsb-test