hsb-test
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs extensive shell command execution on a remote host via SSH, including running Docker containers with the
--privilegedflag and disabling X11 access controls viaxhost +local:dockerduring phase 2. - [REMOTE_CODE_EXECUTION]: Test commands are dynamically generated from a plan retrieved from an external source (URL or file) provided by the user in Phase 1. This allows for arbitrary execution of shell commands on the remote system based on potentially untrusted input.
- [EXTERNAL_DOWNLOADS]: The skill downloads test plan definitions from arbitrary external URLs and pulls specific Docker images (
hololink-demo) from a remote registry to execute the testing environment. - [DATA_EXFILTRATION]: Sensitive hardware identifiers, including MAC addresses, serial numbers, and FPGA versions, are extracted from the remote host in Phase 0 to generate a QA report.
- [PROMPT_INJECTION]: The skill provides an 'auto-approve' mode (
--yflag) that explicitly suppresses all human-in-the-loop confirmation gates. This allows the agent to execute commands parsed from an external test plan without user review, creating a vector for indirect instruction override or command injection.
Audit Metadata