magento-diagnostic
Warn
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple Magento CLI commands (
bin/magento) and shell commands (tail) to gather system information, status, and logs. While intended for diagnostics, these commands provide significant visibility into the underlying environment. - [DATA_EXFILTRATION]: The command
bin/magento config:showis used to retrieve the entire system configuration. In Magento environments, this configuration often contains sensitive credentials, including payment gateway tokens, third-party API keys, and service passwords, which could be exposed to the agent context. - [PROMPT_INJECTION]: The skill reads external log files (
var/log/system.logandvar/log/exception.log) that are populated by application errors and exceptions. This creates a surface for indirect prompt injection, as an external attacker could potentially trigger specific errors that write malicious instructions into these logs to be processed by the agent. - Ingestion points: Reads from
var/log/system.logandvar/log/exception.logvia thetailcommand (SKILL.md). - Boundary markers: None identified; log content is ingested without delimiters or safety instructions.
- Capability inventory: Executes shell commands and Magento CLI tools (SKILL.md).
- Sanitization: No evidence of sanitization or filtering of log content before processing.
Audit Metadata